Real-Time Security Header Score For Well Known Cyber Security Firms
FIRM | USING DNSSEC | WEB SERVER | GRADE | SCORE (25 possible) | SECURITY LEVEL |
---|---|---|---|---|---|
arcticwolf.com | No | AmazonS3 | C | 6 | Amateur |
barracuda.com | No | Unknown | D+ | 4 | Unskilled |
beyondtrust.com | Yes | Unknown | C | 6 | Amateur |
binarydefense.com | No | cloudflare | D- | 2 | Weak |
bitdefender.com | No | cloudflare | C | 7 | Amateur |
bugcrowd.com | Yes | nginx | F- | -2 | Unplug |
carbonblack.com | No | Apache & Pagely-ARES/1.20.3 & cloudflare | B+ | 13 | Professional |
checkpoint.com | Yes | CloudFront | D- | 2 | Weak |
www.cisco.com | No | Unknown | C | 7 | Amateur |
cloudflare.com | Yes | cloudflare | C- | 5 | Novice |
coalfire.com | No | Apache/2.4.62 (Debian) & Caddy | C | 6 | Amateur |
code42.com | Yes | cloudflare | D | 3 | Mediocre |
comodo.com | No | NuCDN/v2.60.1 | E | 1 | Poor |
coro.net | No | cloudflare | E | 1 | Poor |
crowdstrike.com | Yes | cloudflare | C+ | 8 | Qualified |
cyberark.com | Yes | cloudflare | C | 6 | Amateur |
cybereason.com | No | cloudflare | C | 7 | Amateur |
cyble.com | Yes | nginx | D+ | 4 | Unskilled |
cynet.com | No | cloudflare | C | 7 | Amateur |
darktrace.com | Yes | Unknown | C+ | 8 | Qualified |
dashlane.com | Yes | cloudflare | C+ | 8 | Qualified |
deepinstinct.com | No | Netlify | C- | 5 | Novice |
deepwatch.com | No | CloudFront & cloudflare | C | 6 | Amateur |
detectify.com | No | Unknown | D- | 2 | Weak |
digitaldefense.com | No | cloudflare & nginx | C- | 5 | Novice |
eset.com | No | nginx | D | 3 | Mediocre |
f5.com | No | volt-adc | C | 7 | Amateur |
fastly.com | No | Artisanal bits | C- | 5 | Novice |
f-secure.com | No | AkamaiGHost & Netlify | C+ | 8 | Qualified |
forcepoint.com | Yes | Varnish | F- | -1 | Unplug |
fortinet.com | No | Apache | D+ | 4 | Unskilled |
gigamon.com | No | Apache & cloudflare | D+ | 4 | Unskilled |
grayanalytics.com | No | cloudflare | F- | -3 | Unplug |
hackerone.com | Yes | cloudflare | B- | 9 | Trained |
humansecurity.com | Yes | cloudflare | C- | 5 | Novice |
huntress.com | No | Unknown | E | 1 | Poor |
ibm.com | No | AkamaiGHost | C- | 5 | Novice |
illusive.com | No | nginx | C- | 5 | Novice |
imperva.com | No | Unknown | F- | -1 | Unplug |
jumpcloud.com | Yes | cloudflare | F- | -1 | Unplug |
jupiterone.com | No | Unknown | D- | 2 | Weak |
kaspersky.com | No | Unknown | D- | 2 | Weak |
knowbe4.com | Yes | cloudflare | D+ | 4 | Unskilled |
leidos.com | No | cloudflare | D- | 2 | Weak |
lightstream.io | No | cloudflare | E | 1 | Poor |
lookout.com | No | AmazonS3 | C | 6 | Amateur |
mcafee.com | No | awselb/2.0 | C+ | 8 | Qualified |
microsoft.com | No | AkamaiNetStorage & Kestrel | F | 0 | Inept |
okta.com | No | Apache & cloudflare | C | 6 | Amateur |
onetrust.com | Yes | cloudflare | D- | 2 | Weak |
orca.security | No | cloudflare | C | 6 | Amateur |
paloaltonetworks.com | Yes | Apache | C | 6 | Amateur |
proofpoint.com | No | nginx | C- | 5 | Novice |
qualys.com | Yes | nginx | C | 6 | Amateur |
radware.com | No | rdwr | D+ | 4 | Unskilled |
rapid7.com | No | Unknown | C | 7 | Amateur |
reblaze.com | No | openresty | C | 7 | Amateur |
redcanary.com | No | nginx | C+ | 8 | Qualified |
redsift.com | Yes | CloudFront | D+ | 4 | Unskilled |
revbits.com | Yes | Unknown | F | 0 | Inept |
rsa.com | No | Pantheon & nginx | D+ | 4 | Unskilled |
rubrik.com | No | Unknown | C | 7 | Amateur |
safebreach.com | Yes | cloudflare | C+ | 8 | Qualified |
secureworks.com | No | cloudflare | B+ | 13 | Professional |
sentinelone.com | No | cloudflare & nginx | E | 1 | Poor |
slashnext.com | No | cloudflare | E | 1 | Poor |
snyk.io | No | Vercel | C- | 5 | Novice |
sumologic.com | Yes | AmazonS3 & awselb/2.0 | F | 0 | Inept |
symantec.com | No | Apache & cloudflare | B+ | 13 | Professional |
threatlocker.com | No | Unknown | C | 7 | Amateur |
threatq.com | No | cloudflare | D+ | 4 | Unskilled |
trendmicro.com | Yes | AkamaiGHost & nginx | D- | 2 | Weak |
trustwave.com | Yes | cloudflare | C | 6 | Amateur |
tufin.com | No | cloudflare | C+ | 8 | Qualified |
vadesecure.com | No | cloudflare | C | 7 | Amateur |
webroot.com | No | Apache | D | 3 | Mediocre |
zscaler.com | No | Apache & cloudflare | E | 1 | Poor |
A site starts at 0 points and gains points for OWASP top ten security headers. You lose points by exposing information like web server, language, etc. | |||||
Many of these cybersecurity firms should be embarrassed. |