Xero

xero.com.au

Technology

Security Score

67/100

Below average security posture. Significant improvements needed. 1 high severity issue found. Strong in: dns, tls, files, general.

Scanned 3 days ago

Is this your business?

Claim this page to get detailed reports, request re-scans, and manage your profile.

Missing Content-Security-Policy

HIGH

HEADERS

No Content-Security-Policy header found. CSP helps prevent XSS attacks.

Recommendation: Implement a Content-Security-Policy header.

SSL certificate expiring

MEDIUM

TLS

The SSL certificate expires in 24 days.

Recommendation: Plan to renew the SSL certificate soon.

Missing HSTS header

MEDIUM

TLS

HTTP Strict Transport Security is not enabled.

Recommendation: Add the Strict-Transport-Security header to enforce HTTPS.

Missing X-Frame-Options

MEDIUM

HEADERS

No X-Frame-Options header found. This allows the site to be framed.

Recommendation: Add X-Frame-Options: DENY or SAMEORIGIN header.

Missing CAA records

LOW

DNS

No CAA records found. CAA records specify which CAs can issue certificates.

Recommendation: Add CAA records to restrict certificate issuance to trusted CAs.

Missing Referrer-Policy

LOW

HEADERS

No Referrer-Policy header found.

Recommendation: Add a Referrer-Policy header (e.g., strict-origin-when-cross-origin).

Missing Permissions-Policy

LOW

HEADERS

No Permissions-Policy header found.

Recommendation: Add a Permissions-Policy header to control browser features.

No security.txt found

LOW

FILES

No security.txt file was found. This file helps security researchers contact you.

Recommendation: Add a security.txt file at /.well-known/security.txt per RFC 9116.

Email authentication configured

INFO

DNS

SPF, DMARC, and DKIM are all configured for this domain.

No robots.txt found

INFO

FILES

No robots.txt file was found at the root.

Recommendation: Consider adding a robots.txt file to control crawler behavior.