Skip to content

Australian ASX Domain Security ReportΒΆ

I do a lot of work with Australian ASX companies, so naturally I've been inspired by Scott Helme's Crawler Ninja project to get a sense of where the security posture of all these companies sits. There's a ton of information that every website reveals about itself, so by simply looking at what they publicly tell the world, let's do a bit of a deep dive for the month of July.

Looking across around 300 domains for the top 300 ASX companies within Australia, there are some interesting take-aways for me.

  • Security headers are not well deployed. It is something really simple to do; in most cases it's a simple nginx or Apache configuration to just add some headers and make the site more secure, yet somehow we're stuck with very low adoption. Implementing security headers is really easy to do and can add a huge amount of value in a very short space of time.
  • I was surprised at the low IPv6 support (19%). With the IPv4 space being depleted, I would expect the IPv6 adoption to be much further along than what we're seeing today.
  • TLS1.3 support was on the other hand well adopted at around 86%.
  • Cloudflare appears to be the CDN used the most (23%) within Australia.
  • It was interesting seeing around 43% of the top 300 ASX companies using Let's Encrypt as their certificate provider. I don't have anything against Let's Encrypt. I do however believe in the You get what you pay for mindset. If the cert is free, don't expect too much from it.

I have sourced the list of domains from various places. Chances are there are some mistakes or company domain names that may need to be included. You're welcome to contribute to the source file, be it a correction or additional domain names to check.

Full Detailed reportΒΆ

The full details of all checks (excluding the actual domain that was was checked) is listed below.

πŸ”’ Security Tests ResultsΒΆ

Boolean security checks (true = secure, false = insecure)

test description 2025-07
http_redirect_https HTTP Redirects to HTTPS 90%
https_port_enabled HTTPS Port Enabled 100%
https_header_hsts HSTS Header Present 42%
https_header_csp CSP Header Present 14%
https_header_xframe X-Frame-Options Header 22%
security_txt_exists Security.txt File Exists 6%
dns_record_spf SPF Record Present 94%
dns_record_dmarc DMARC Record Present 85%
dns_record_mx MX Record Present 92%
ipv6_support_enabled IPv6 Support Enabled 19%
tls_protocol_v13 TLS 1.3 Protocol Support 86%
ssl_cert_valid SSL Certificate Valid 100%

πŸ“Š Infrastructure AnalysisΒΆ

Cross-tabulation showing percentage of domains per category per month (sorted by latest month)

Web Server SoftwareΒΆ

result 2025-07
1%
AkamaiGHost 2%
AmazonS3 1%
Apache 10%
BigIP 1%
CloudFront 2%
Flywheel/5.1.0 1%
GitHub.com 0%
LiteSpeed 8%
Microsoft-Azure-Application-Gateway/v2 1%
Microsoft-IIS 4%
Netlify 2%
Pagely-ARES/1.22.2 0%
Pepyaka 1%
Squarespace 0%
Sucuri/Cloudproxy 0%
Vercel 2%
awselb/2.0 4%
cloudflare 23%
mw-web.codfw.main-7f88fddc7c-zdsvc 0%
nginx 13%
none 22%
openresty 1%
tcom-fe 0%

SSL Certificate IssuerΒΆ

result 2025-07
Amazon 9%
COMODO CA Limited 0%
Corporation Service Company 2%
DigiCert 16%
Entrust 1%
GlobalSign nv-sa 2%
GoDaddycom 2%
Google Trust Services 19%
IdenTrust 0%
Let's Encrypt 43%
SSL Corporation 1%
Sectigo Limited 4%
Starfield Technologies 0%
ZeroSSL 0%

Domain RegistrarΒΆ

result 2025-07
Amazon Registrar, Inc. 2%
CSC Corporate Domains, Inc. 0%
Cloudflare, Inc. 1%
DYNADOT LLC 0%
ENOM, INC. 1%
Freeparking Limited 0%
GoDaddy.com, LLC 2%
Instra Corporation Pty Ltd. 1%
Key-Systems GmbH 7%
MarkMonitor Inc. 1%
Moniker Online Services LLC 0%
Network Solutions, LLC 3%
Sea Wasp, LLC 1%
TUCOWS, INC. 1%
Webcentral Group Ltd 4%
easyDNS Technologies, Inc. 1%
united domains AG 0%
unknown 74%

Email Service ProviderΒΆ

result 2025-07
1&1 IONOS 0%
Australian Local Provider 1%
Barracuda 1%
Email Security/Filter 1%
Google Workspace 4%
IPHMX Mail Service 2%
Mimecast 16%
Net Registry 0%
Office 365 41%
PPE Hosted 1%
ProofPoint 22%
Sophos 0%
Symantec MessageLabs 0%
Trend Micro 1%
unknown 10%

🏒 Security by Sector¢

Security performance breakdown by industry sector

HTTP Redirects to HTTPSΒΆ

Sector Score
Basic Materials 89%
Capital Goods 100%
Communication Services 93%
Consumer Cyclical 89%
Consumer Defensive 100%
Consumer Discretionary 83%
Consumer Staples 71%
Energy 93%
Financial Services 87%
Financials 89%
Health Care 75%
Healthcare 95%
Industrials 100%
Information Technology 80%
Materials 78%
Real Estate 93%
Technology 94%
Telecommunication Services 100%
Utilities 83%

HTTPS Port EnabledΒΆ

Sector Score
Basic Materials 100%
Capital Goods 100%
Communication Services 100%
Consumer Cyclical 100%
Consumer Defensive 100%
Consumer Discretionary 100%
Consumer Staples 100%
Energy 100%
Financial Services 100%
Financials 100%
Health Care 100%
Healthcare 100%
Industrials 100%
Information Technology 100%
Materials 100%
Real Estate 100%
Technology 100%
Telecommunication Services 100%
Utilities 100%

HSTS Header PresentΒΆ

Sector Score
Basic Materials 45%
Capital Goods 0%
Communication Services 43%
Consumer Cyclical 54%
Consumer Defensive 44%
Consumer Discretionary 0%
Consumer Staples 29%
Energy 40%
Financial Services 48%
Financials 33%
Health Care 0%
Healthcare 26%
Industrials 46%
Information Technology 20%
Materials 33%
Real Estate 50%
Technology 50%
Telecommunication Services 25%
Utilities 50%

CSP Header PresentΒΆ

Sector Score
Basic Materials 21%
Capital Goods 0%
Communication Services 14%
Consumer Cyclical 32%
Consumer Defensive 19%
Consumer Discretionary 0%
Consumer Staples 14%
Energy 20%
Financial Services 6%
Financials 0%
Health Care 0%
Healthcare 5%
Industrials 14%
Information Technology 0%
Materials 6%
Real Estate 18%
Technology 6%
Telecommunication Services 0%
Utilities 17%

X-Frame-Options HeaderΒΆ

Sector Score
Basic Materials 32%
Capital Goods 0%
Communication Services 29%
Consumer Cyclical 32%
Consumer Defensive 31%
Consumer Discretionary 17%
Consumer Staples 14%
Energy 40%
Financial Services 10%
Financials 22%
Health Care 0%
Healthcare 16%
Industrials 25%
Information Technology 0%
Materials 6%
Real Estate 14%
Technology 31%
Telecommunication Services 0%
Utilities 33%

Security.txt File ExistsΒΆ

Sector Score
Basic Materials 3%
Capital Goods 0%
Communication Services 14%
Consumer Cyclical 0%
Consumer Defensive 0%
Consumer Discretionary 0%
Consumer Staples 0%
Energy 7%
Financial Services 13%
Financials 0%
Health Care 0%
Healthcare 11%
Industrials 4%
Information Technology 0%
Materials 11%
Real Estate 7%
Technology 19%
Telecommunication Services 25%
Utilities 0%

SPF Record PresentΒΆ

Sector Score
Basic Materials 97%
Capital Goods 100%
Communication Services 100%
Consumer Cyclical 93%
Consumer Defensive 100%
Consumer Discretionary 100%
Consumer Staples 71%
Energy 80%
Financial Services 97%
Financials 78%
Health Care 75%
Healthcare 100%
Industrials 100%
Information Technology 40%
Materials 78%
Real Estate 100%
Technology 100%
Telecommunication Services 100%
Utilities 100%

DMARC Record PresentΒΆ

Sector Score
Basic Materials 89%
Capital Goods 100%
Communication Services 93%
Consumer Cyclical 82%
Consumer Defensive 100%
Consumer Discretionary 83%
Consumer Staples 71%
Energy 73%
Financial Services 97%
Financials 33%
Health Care 50%
Healthcare 100%
Industrials 89%
Information Technology 60%
Materials 44%
Real Estate 93%
Technology 94%
Telecommunication Services 100%
Utilities 100%

MX Record PresentΒΆ

Sector Score
Basic Materials 97%
Capital Goods 100%
Communication Services 86%
Consumer Cyclical 82%
Consumer Defensive 88%
Consumer Discretionary 100%
Consumer Staples 86%
Energy 93%
Financial Services 90%
Financials 78%
Health Care 75%
Healthcare 100%
Industrials 100%
Information Technology 100%
Materials 83%
Real Estate 100%
Technology 94%
Telecommunication Services 100%
Utilities 100%

IPv6 Support EnabledΒΆ

Sector Score
Basic Materials 18%
Capital Goods 0%
Communication Services 21%
Consumer Cyclical 11%
Consumer Defensive 25%
Consumer Discretionary 33%
Consumer Staples 14%
Energy 20%
Financial Services 10%
Financials 11%
Health Care 25%
Healthcare 16%
Industrials 29%
Information Technology 20%
Materials 17%
Real Estate 32%
Technology 19%
Telecommunication Services 0%
Utilities 33%

TLS 1.3 Protocol SupportΒΆ

Sector Score
Basic Materials 97%
Capital Goods 100%
Communication Services 64%
Consumer Cyclical 93%
Consumer Defensive 94%
Consumer Discretionary 100%
Consumer Staples 100%
Energy 93%
Financial Services 68%
Financials 67%
Health Care 75%
Healthcare 79%
Industrials 82%
Information Technology 60%
Materials 100%
Real Estate 96%
Technology 94%
Telecommunication Services 75%
Utilities 50%

SSL Certificate ValidΒΆ

Sector Score
Basic Materials 100%
Capital Goods 100%
Communication Services 100%
Consumer Cyclical 100%
Consumer Defensive 100%
Consumer Discretionary 100%
Consumer Staples 100%
Energy 100%
Financial Services 100%
Financials 100%
Health Care 100%
Healthcare 100%
Industrials 96%
Information Technology 100%
Materials 100%
Real Estate 100%
Technology 100%
Telecommunication Services 100%
Utilities 100%