Overview
Findings
Actions
Details
Related
AI-Generated Summary
What this means
ttsh.com.sg scored 92/100, demonstrating a strong security posture. Minor improvements are noted below.
Positive signals: TLS Configuration, Known Breaches, HSTS Header all passed.
1 action item identified, including 0 critical. The issues are configuration gaps, not architectural problems. A focused remediation effort of 2–5 days could address all findings.
How ttsh.com.sg compares
Grade distribution across 2598 companies we've scanned. ttsh.com.sg scores better than 92% of them.
83
A+
25
A
190
A-
196
B+
75
B
362
B-
129
C+
114
C
330
C-
119
D+
95
D
252
D-
628
F
ttsh.com.sg — Grade A- (92/100)
2598 companies scanned
Security checks
Each check inspects a different part of ttsh.com.sg's public security setup. Green means healthy, yellow needs attention, red is a problem.
DMARC / Email Security
Strengths: DMARC policy set to quarantine; SPF record present with hard-fail (-all). Issues: No DKIM records found for common selectors (may use non-standard selectors).
TLS Configuration
TLSv1.3 negotiated with TLS_AES_256_GCM_SHA384 (256-bit). Strong configuration with no deprecated protocols or weak ciphers detected.
Known Breaches
No known breaches found in public disclosure databases.
DNS Configuration
Strengths: 2 nameservers configured (teresa.ns.cloudflare.com., bart.ns.cloudflare.com.); 2 MX records present; DNSSEC enabled; Zone transfers properly restricted.
HSTS Header
HSTS enabled: max-age=31536000 with includeSubDomains and preload. Meets best-practice configuration.
Security Headers
All 5 recommended security headers present: CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy.
Certificate Hygiene
Strengths: Certificate valid, 114 days remaining; Issued by GlobalSign nv-sa.
CVE Exposure
Detected technologies: cloudflare, Microsoft/SharePoint. (cloudflare detected but excluded from CVE matching — upstream infrastructure). No high or critical CVEs found for detected versions.
Recommended actions
1 item
Steps to improve ttsh.com.sg's security grade, ranked by impact.
1
Strengthen email authentication configuration
Email authentication is partially configured for ttsh.com.sg but has gaps. Actions needed: configure DKIM. Until DMARC enforcement is active, spoofed emails may still reach recipients.
Compliance impact
NIST CSFPR.AC-7
Email authentication is a required access control
How to fix this
1
Configure DKIM and publish public key in DNS
2
Verify with: nslookup -type=txt _dmarc.ttsh.com.sg
At a glance
Key data points from the scan.
TLS Version
TLSv1.3
TLSv1.3 negotiated with TLS_AES_256_GCM_SHA384 (256-bit). Strong configuration with no deprecated protocols or weak ciphers detected.
DMARC Policy
p=quarantine
Strengths: DMARC policy set to quarantine; SPF record present with hard-fail (-all). Issues: No DKIM records found for common selectors (may use non-standard selectors).
SPF Record
Present
v=spf1 mx include:_spf-dc44.sapsf.com ip4:103.230.232.100 ip4:103.230.234.100 -all
Security Headers
5/5 present
All headers configured.
HSTS
Enabled
HSTS enabled: max-age=31536000 with includeSubDomains and preload. Meets best-practice configuration.
SSL Certificate
Valid
Strengths: Certificate valid, 114 days remaining; Issued by GlobalSign nv-sa.
DNSSEC
Enabled
Strengths: 2 nameservers configured (teresa.ns.cloudflare.com., bart.ns.cloudflare.com.); 2 MX records present; DNSSEC enabled; Zone transfers properly restricted.