A+
100/100

saviynt.com

May 02, 2026
4 Warnings 10 Passed 14 checks
MTA-STS & TLS Reporting
Issues: No MTA-STS configured — email in transit is vulnerable to TLS downgrade attacks. Sending servers cannot verify that your mail server requires TLS; No TLSRPT record — TLS delivery failures won't be reported to domain owner.
Needs work
DNS CAA Records
Strengths: CAA records configured (11 record(s)); Authorized CAs: comodoca.com, digicert.com; cansignhttpexchanges=yes, letsencrypt.org, pki.goog; cansignhttpexchanges=yes, ssl.com. Issues: No iodef record — CA violations won't be reported to the domain owner.
Needs work
Cookie Security
Strengths: 2 cookie(s) analyzed; All cookies have Secure flag; All cookies have HttpOnly flag. Issues: 1/2 cookie(s) missing SameSite attribute (__cf_bm).
Needs work
security.txt (RFC 9116)
No security.txt found. Publishing a security.txt at /.well-known/security.txt is the industry standard (RFC 9116) for vulnerability disclosure policies. Its absence may indicate a less mature security program.
Needs work
MX Records & Mail Provider
Strengths: Mail handled by Proofpoint; 7 MX record(s) configured; Multiple MX records provide redundancy.
Passed
DNS Configuration
Strengths: 2 nameservers configured (cruz.ns.cloudflare.com., yisroel.ns.cloudflare.com.); 7 MX records present; DNSSEC enabled; Zone transfers properly restricted.
Passed
TLS Protocol Support
Strengths: TLS 1.3 supported; TLS 1.2 supported; TLS 1.3 supported (strongest). Protocol support: TLS 1.3: Yes, TLS 1.2: Yes, TLS 1.1: No, TLS 1.0: No.
Passed
TLS Configuration
TLSv1.3 negotiated with TLS_AES_256_GCM_SHA384 (256-bit). Strong configuration with no deprecated protocols or weak ciphers detected.
Passed
HSTS Header
HSTS enabled: max-age=31536000s (365 days). Missing includeSubDomains — subdomains not covered. Missing preload directive.
Passed
Security Headers
All 5 recommended security headers present: CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy.
Passed
Known Breaches
No known breaches found in public disclosure databases.
Passed
DMARC / Email Security
Strengths: DMARC policy set to quarantine; SPF record present with soft-fail (~all); DKIM configured (selectors: google).
Passed
CVE Exposure
Detected technologies: cloudflare. (cloudflare detected but excluded from CVE matching — upstream infrastructure). All detected technologies are upstream CDN/proxy infrastructure. No application-level software versions exposed.
Passed
Certificate Hygiene
Strengths: Certificate valid, 67 days remaining; Issued by Google Trust Services.
Passed
AI Summary
What this means

saviynt.com scored 100/100, demonstrating a strong security posture. Minor improvements are noted below.

Positive signals: MX Records & Mail Provider, DNS Configuration, TLS Protocol Support all passed.

How saviynt.com compares

Grade distribution across 2687 companies we've scanned. saviynt.com scores better than 99% of them.

99th percentile

Companies per grade: A+ 88; A 28; A- 196; B+ 202; B 76; B- 376; C+ 138; C 117; C- 348; D+ 123; D 96; D- 266; F 633.

saviynt.com — Grade A+ (100/100) 2687 companies scanned
At a glance

Key data points from the scan.

TLS Version
TLSv1.3
TLSv1.3 negotiated with TLS_AES_256_GCM_SHA384 (256-bit). Strong configuration with no deprecated protocols or weak ciphers detected.
DMARC Policy
p=quarantine
Strengths: DMARC policy set to quarantine; SPF record present with soft-fail (~all); DKIM configured (selectors: google).
SPF Record
Present
v=spf1 include:_spf.google.com include:mktomail.com include:spf.us.exclaimer.net include:_spf.salesf
Security Headers
5/5 present
All headers configured.
HSTS
Enabled
HSTS enabled: max-age=31536000s (365 days). Missing includeSubDomains — subdomains not covered. Missing preload directive.
SSL Certificate
Valid
Strengths: Certificate valid, 67 days remaining; Issued by Google Trust Services.
DNSSEC
Enabled
Strengths: 2 nameservers configured (cruz.ns.cloudflare.com., yisroel.ns.cloudflare.com.); 7 MX records present; DNSSEC enabled; Zone transfers properly restricted.