Trust & Security

We publish live, third-party scan results so you can independently verify our security posture at any time. Click any scanner below to run a fresh check against siptoolboxs.com.

Independent scanners

What we harden

  • HTTP Strict Transport Security (HSTS) with preload + 1 year max-age
  • Content-Security-Policy restricting sources, base-uri, form-action
  • X-Frame-Options: SAMEORIGIN (clickjacking protection)
  • X-Content-Type-Options: nosniff
  • Referrer-Policy: strict-origin-when-cross-origin
  • Permissions-Policy locking down camera, mic, geolocation, payment, USB
  • Cross-Origin-Opener-Policy & Cross-Origin-Resource-Policy
  • TLS 1.2+ only, modern cipher suites, automatic certificate renewal
  • Password breach (HIBP) check + 12-char strong-password policy
  • Email verification required for all accounts
  • 30-minute idle session timeout & secure password reset

Report a vulnerability

Found a security issue? Please email security@siptoolboxs.com. We respond within 2 business days and credit responsible disclosures.