Is shopee.com.my safe to use as a vendor?

shopee.com.my scored 92/100 on LynxRadar's security posture assessment. The domain meets baseline security requirements. 9 checks passed, 5 warnings, 0 critical issues across 14 passive checks including TLS, DMARC, security headers, breaches, and CVEs.

Does shopee.com.my have security headers configured?

shopee.com.my has 3 of 5 recommended security headers. Present: CSP, X-Content-Type-Options, Referrer-Policy. Missing: X-Frame-Options, Permissions-Policy.

shopee.com.my Security Report — Grade A- (92/100)

Q: What TLS version does shopee.com.my use?

shopee.com.my uses TLSv1.3 with TLS_AES_256_GCM_SHA384. TLSv1.3 negotiated with TLS_AES_256_GCM_SHA384 (256-bit). Strong configuration with no deprecated protocols or weak ciphers detected.

Q: Does shopee.com.my have DMARC configured?

Yes. shopee.com.my's DMARC policy is set to 'reject'. SPF record: yes. Strengths: DMARC policy set to reject (strongest); SPF record present with soft-fail (~all); DKIM configured (selectors: s1, s2, k1, mail, mandrill).

Q: Does shopee.com.my use HSTS?

Yes. HSTS enabled: max-age=31536000s (365 days). Missing includeSubDomains — subdomains not covered. Missing preload directive.

Q: Is shopee.com.my's SSL certificate valid?

Yes. Strengths: Certificate valid, 150 days remaining; Issued by GlobalSign nv-sa. Note: Wildcard certificate in use (*.domain) — covers all subdomains. Common practice; worth noting that compromise would affect all subdomains.

Q: Does shopee.com.my have DNSSEC enabled?

No. Strengths: 4 nameservers configured (ns-992.awsdns-60.net., ns-1121.awsdns-12.org., ns-1839.awsdns-37.co.uk., ns-248.awsdns-31.com.); 5 MX records present; Zone transfers properly restricted. Issues: DNSSEC not configured — DNS responses can be spoofed.

A-

92/100

shopee.com.my

May 07, 2026 ·

1+ Warnings 9 Passed

AI Summary

shopee.com.my scored 92/100, demonstrating a strong security posture. Minor improvements are noted below.

Positive signals: MX Records & Mail Provider, DMARC / Email Security, TLS Configuration all passed.

2 action items identified, including 0 critical. The issues are configuration gaps, not architectural problems. A focused remediation effort of 2–5 days could address all findings.

Better than 92% of 2675 companies scanned.

092th pct100

A+

A-

B+

B-

C+

C-

D+

D-

MTA-STS & TLS Reporting

DNS CAA Records

DNS Configuration

Security Headers

security.txt (RFC 9116)

MX Records & Mail Provider

DMARC / Email Security

TLS Configuration

Known Breaches

HSTS Header

Cookie Security

TLS Protocol Support

CVE Exposure

Certificate Hygiene

A-

shopee.com.my

92/100

No critical issues — great work!

Enable DNSSEC on your domain

1–3 days (depends on registrar) High

Without DNSSEC, DNS responses for shopee.com.my can be spoofed, potentially redirecting users to malicious sites. This requires coordination with your domain registrar to publish DS records.

NIST 800-53SC-20

Secure name/address resolution service

How to fix this

1Check if your DNS provider supports DNSSEC (Cloudflare, Route53, etc.)

2Enable DNSSEC signing in your DNS provider dashboard

3Add the DS record to your registrar for .my TLD

4Verify: dig +dnssec shopee.com.my

1 item locked

Unlock the full action plan

Report unlocked.

At a glance

Full data from this scan

TLS Version

TLSv1.3

TLSv1.3 negotiated with TLS_AES_256_GCM_SHA384 (256-bit). Strong configuration with no deprecated protocols or weak ciphers detected.

DMARC Policy

p=reject

Strengths: DMARC policy set to reject (strongest); SPF record present with soft-fail (~all); DKIM configured (selectors: s1, s2, k1, mail, mandrill).

SPF Record

Present

v=spf1 include:mail.zendesk.com include:_spf.salesforce.com include:_spf.google.com ~all

Security Headers

3/5 present

Missing: X-Frame-Options, Permissions-Policy

HSTS

Enabled

HSTS enabled: max-age=31536000s (365 days). Missing includeSubDomains — subdomains not covered. Missing preload directive.

SSL Certificate

Valid

Strengths: Certificate valid, 150 days remaining; Issued by GlobalSign nv-sa. Note: Wildcard certificate in use (*.domain) — covers all subdomains. Common practice; worth noting that compromise would affect all subdomains.

DNSSEC

Not enabled

Strengths: 4 nameservers configured (ns-992.awsdns-60.net., ns-1121.awsdns-12.org., ns-1839.awsdns-37.co.uk., ns-248.awsdns-31.com.); 5 MX records present; Zone transfers properly restricted. Issues: DNSSEC not configured — DNS responses can be spoofed.

Similar companies

Other domains with comparable security profiles.