Goodman Group

goodman.com.au

Construction

Security Score

62/100

Below average security posture. Significant improvements needed. 1 high severity issue found. Strong in: dns, files, general.

Scanned 6 days ago

Is this your business?

Claim this page to get detailed reports, request re-scans, and manage your profile.

Outdated TLS protocol

HIGH

TLS

The server does not support TLS 1.2 or 1.3.

Recommendation: Enable TLS 1.2 and TLS 1.3 support.

Missing DMARC record

MEDIUM

DNS

No DMARC record found. DMARC builds on SPF and DKIM to prevent email spoofing.

Recommendation: Add a DMARC record at _dmarc.yourdomain.com

Missing HSTS header

MEDIUM

TLS

HTTP Strict Transport Security is not enabled.

Recommendation: Add the Strict-Transport-Security header to enforce HTTPS.

Missing X-Frame-Options

MEDIUM

HEADERS

No X-Frame-Options header found. This allows the site to be framed.

Recommendation: Add X-Frame-Options: DENY or SAMEORIGIN header.

Missing X-Content-Type-Options

MEDIUM

HEADERS

No X-Content-Type-Options header found.

Recommendation: Add X-Content-Type-Options: nosniff header.

Missing CAA records

LOW

DNS

No CAA records found. CAA records specify which CAs can issue certificates.

Recommendation: Add CAA records to restrict certificate issuance to trusted CAs.

Missing Referrer-Policy

LOW

HEADERS

No Referrer-Policy header found.

Recommendation: Add a Referrer-Policy header (e.g., strict-origin-when-cross-origin).

Missing Permissions-Policy

LOW

HEADERS

No Permissions-Policy header found.

Recommendation: Add a Permissions-Policy header to control browser features.

No security.txt found

LOW

FILES

No security.txt file was found. This file helps security researchers contact you.

Recommendation: Add a security.txt file at /.well-known/security.txt per RFC 9116.

No robots.txt found

INFO

FILES

No robots.txt file was found at the root.

Recommendation: Consider adding a robots.txt file to control crawler behavior.