uq.edu.au

C-
Conditional · 72/100
Shows significant security gaps that need urgent attention. Positive signals: DNS CAA Records, TLS Configuration, and Known Breaches all passed. 7 action items identified, including 0 critical. The issues point to real architectural gaps, not just configuration tweaks. A focused remediation effort of 1–2 days could address all findings.
Trust Score Trend
→ No change 1 scan · Last scanned February 24, 2026
Your rating Industry average
Score
100 75 50 25 0
C-
uq.edu.au
72/100
Compliance & Certifications
Not yet verified
FERPA
FERPA
Not on file
Self-reported
Pro subscribers only
GDPR
GDPR
DPA not on file
Self-reported
Pro subscribers only
Incident History
None in 12 months
March 2026
ChatGPT data exposure
1 source
Resolved
Pro subscribers only
April 2023 – Feb 2026
ChatGPT data exposure
1 source
Resolved
Pro subscribers only
Security Posture
7 items need attention
8 passed
Turn on HSTS (forces browsers to always use HTTPS)
HSTS Header
< 1 hour

This puts visitor logins and session data at risk of interception on untrusted networks. uq.edu.au doesn't send the HSTS header, so a browser can still be tricked into connecting over plain, unencrypted HTTP instead of HTTPS — an attacker on the same network (e.g. public wifi) can exploit that gap to intercept traffic. Turning HSTS on tells every browser "always use HTTPS for this site, no exceptions."

PCI-DSS 4.0Req 6.4.1
Required application security controls
NIST 800-53SC-8
Transmission confidentiality and integrity
How to fix this
1Add this response header to your site. You're using Fastly in front of this site — add it there, see https://www.fastly.com/documentation/solutions/examples/add-remove-or-change-http-headers/.
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2Before adding it, make sure every subdomain (not just the main site) also works over HTTPS — HSTS applies site-wide.
3Confirm it's live: search "http header checker" and enter uq.edu.au.
4Once confirmed, submit the domain at hstspreload.org so browsers enforce HTTPS even on a user's very first visit.
Report unlocked.
View all 8 passed checks
DNS CAA Records
TLS Configuration
Known Breaches
CVE Exposure
DMARC / Email Security
MX Records & Mail Provider
TLS Protocol Support
Subprocessors & Tech Stack
Company Signals
Claim profile →
Operational risk
Low
11 yrs operating. Well-funded
Lynxradar · Composite signal
Last funding
$40B
Series F · Mar 2025 · SoftBank-led
Crunchbase ↗
Employees
~3,000
+40% YoY growth
LinkedIn ↗
Trust Resources
Claim profile →
Trust Center
trust.uq.edu.au ↗
Security page
uq.edu.au/security ↗
Privacy Policy
uq.edu.au/privacy ↗
DPA (Data Processing Agreement)
uq.edu.au/dpa ↗
Updated recently
Subprocessors List
uq.edu.au/policies/subprocessors ↗
Tech Stack Detected
Subprocessors
Fastly
Similar companies in Education / EdTech
Appears in
Claim profile →
SOC 2 Type II certified vendors
847 companies · Updated weekly by LynxRadar
Track
ISO 27001 certified SaaS
312 companies · Updated weekly by LynxRadar
Track
Top AI vendors by trust score
94 companies · LynxRadar ranking
Track
Enterprise-ready SaaS · Trust score A or above
203 companies · LynxRadar ranking
Track