75
wilmar-international.com
Findings
4
·
3
·
1
Checks
8 passive
Executive Summary
AI-GENERATED
wilmar-international.com scored 75/100, meeting baseline requirements but with 3 findings that require attention. The vendor can proceed with a remediation timeline agreement.
Critical gaps in: Security Headers. Positive signals: Known Breaches, TLS Configuration, HSTS Header all passed.
4 action items identified, including 0 critical. The issues are configuration gaps, not architectural problems. A focused remediation effort of 2–5 days could address all findings.
Action Items
Ordered by priority · 4 items
1
Strengthen email authentication configuration
Email authentication is partially configured for wilmar-international.com but has gaps. Actions needed: configure DKIM. Until DMARC enforcement is active, spoofed emails may still reach recipients.
Compliance Impact
NIST CSFPR.AC-7
Email authentication is a required access control
Remediation Steps
1
Configure DKIM and publish public key in DNS
2
Verify with: nslookup -type=txt _dmarc.wilmar-international.com
Unlock the full remediation plan
Get detailed steps, compliance mapping, and ownership for all 4 action items. Free — just enter your work email.
No spam. We'll only contact you about this report.
✓ Report unlocked. Scroll down for full details.
2
Add missing security headers (CSP, X-Content-Type-Options, Referrer-Policy, Permissions-Policy)
4 of 5 recommended security headers are missing on wilmar-international.com: CSP, X-Content-Type-Options, Referrer-Policy, Permissions-Policy. These headers protect against clickjacking, MIME-sniffing, and unauthorized browser feature access. Adding them is a server configuration change with no application code changes required.
Compliance Impact
PCI-DSS 4.0Req 6.4.1
Security headers are required application controls
OWASPSecure Headers
Recommended baseline for web applications
Remediation Steps
1
Add Content-Security-Policy header (start with report-only to avoid breakage)
2
Add: X-Content-Type-Options: nosniff
3
Add: Referrer-Policy: strict-origin-when-cross-origin
4
Add: Permissions-Policy: camera=(), microphone=(), geolocation=()
5
Verify with: curl -sI https://wilmar-international.com | grep -iE 'content-security|x-frame|x-content|referrer|permissions'
3
Enable DNSSEC on your domain
Without DNSSEC, DNS responses for wilmar-international.com can be spoofed, potentially redirecting users to malicious sites. This requires coordination with your domain registrar to publish DS records.
Compliance Impact
NIST 800-53SC-20
Secure name/address resolution service
Remediation Steps
1
Check if your DNS provider supports DNSSEC (Cloudflare, Route53, etc.)
2
Enable DNSSEC signing in your DNS provider dashboard
3
Add the DS record to your registrar for .com TLD
4
Verify: dig +dnssec wilmar-international.com
4
Review certificate configuration
Certificate issues found for wilmar-international.com: wildcard certificate in use. Wildcard certificates have a broader blast radius if compromised. These are operational hygiene items, not immediate security risks.
Remediation Steps
1
Consider replacing wildcard cert with individual certs for critical subdomains
2
Consolidate certificate issuance to 1–2 trusted CAs
Scan Findings
Security Headers
Critical
DMARC / Email Security
Warning
DNS Configuration
Warning
Certificate Hygiene
Warning
Known Breaches
Healthy
TLS Configuration
Healthy
HSTS Header
Healthy
CVE Exposure
Healthy