Trust & Security
We publish live, third-party scan results so you can independently verify our security posture at any time. Click any scanner below to run a fresh check against siptoolboxs.com.
Independent scanners
SSL Labs
TLS / certificate configuration grade.
Target: A+
Mozilla Observatory
HTTPS, headers, and modern web security best-practices.
Target: A+
SecurityHeaders.com
HTTP response security header grade.
Target: A
Google Safe Browsing
Status against Google's malware & phishing database.
Target: Clean
VirusTotal
Aggregated reputation across 70+ security vendors.
Target: Clean
OWASP ZAP
Automated dynamic application security testing (run internally on each release).
Target: No high-risk
What we harden
- HTTP Strict Transport Security (HSTS) with preload + 1 year max-age
- Content-Security-Policy restricting sources, base-uri, form-action
- X-Frame-Options: SAMEORIGIN (clickjacking protection)
- X-Content-Type-Options: nosniff
- Referrer-Policy: strict-origin-when-cross-origin
- Permissions-Policy locking down camera, mic, geolocation, payment, USB
- Cross-Origin-Opener-Policy & Cross-Origin-Resource-Policy
- TLS 1.2+ only, modern cipher suites, automatic certificate renewal
- Password breach (HIBP) check + 12-char strong-password policy
- Email verification required for all accounts
- 30-minute idle session timeout & secure password reset
Report a vulnerability
Found a security issue? Please email security@siptoolboxs.com. We respond within 2 business days and credit responsible disclosures.