Telstra Corporation

telstra.com.au

Technology

Security Score

70/100

Moderate security posture. Several improvements recommended. 2 high severity issues found. Strong in: dns, tls, files, general.

Scanned 6 days ago

Is this your business?

Claim this page to get detailed reports, request re-scans, and manage your profile.

Outdated TLS protocol

HIGH

TLS

The server does not support TLS 1.2 or 1.3.

Recommendation: Enable TLS 1.2 and TLS 1.3 support.

Missing Content-Security-Policy

HIGH

HEADERS

No Content-Security-Policy header found. CSP helps prevent XSS attacks.

Recommendation: Implement a Content-Security-Policy header.

No DKIM records detected

LOW

DNS

No DKIM records found for common selectors. DKIM provides email authentication.

Recommendation: Configure DKIM signing for your email service.

Missing CAA records

LOW

DNS

No CAA records found. CAA records specify which CAs can issue certificates.

Recommendation: Add CAA records to restrict certificate issuance to trusted CAs.

Missing Referrer-Policy

LOW

HEADERS

No Referrer-Policy header found.

Recommendation: Add a Referrer-Policy header (e.g., strict-origin-when-cross-origin).

Missing Permissions-Policy

LOW

HEADERS

No Permissions-Policy header found.

Recommendation: Add a Permissions-Policy header to control browser features.

No security.txt found

LOW

FILES

No security.txt file was found. This file helps security researchers contact you.

Recommendation: Add a security.txt file at /.well-known/security.txt per RFC 9116.

HSTS does not include subdomains

INFO

TLS

HSTS is not applied to subdomains.

Recommendation: Consider adding includeSubDomains to HSTS if applicable.

No robots.txt found

INFO

FILES

No robots.txt file was found at the root.

Recommendation: Consider adding a robots.txt file to control crawler behavior.