What is the security status of aircall.io?

aircall.io has a security score of 73/100, rated as Safe. The website demonstrates good security practices.

Is aircall.io safe to use?

Our security scan shows aircall.io is Safe. SSL security issues detected. Always practice safe browsing habits.

Does aircall.io have viruses?

Our comprehensive security scan analyzes multiple security factors. Based on the overall security score of 73/100, the website is rated as Safe. However, websites can change over time, so always use updated security software.

What is aircall.io's trust score?

aircall.io has a security score of 73/100. This score is based on multiple factors including SSL security, security headers, DNS health, and compliance checks.

Is aircall.io Safe? Security Analysis for Aircall

https://aircall.io

Check if aircall.io is a scam or legitimate. Free security scan and reviews.

TechnologyFrancelarge

ReactNext.jsVercelGoogle Tag ManagerGoogle Analytics+1 more

Analyzed 9/6/2025Completed 12:53:16 AM

Security Score

MEDIUM RISK

AI Summary

Aircall is a well-established cloud-based business phone system and unified communications platform founded in 2014, headquartered in France with a significant presence in New York. The company serves over 20,000 customers worldwide, offering AI-powered communication tools such as AI Assist Pro and AI Voice Agent, integrated deeply with CRM and helpdesk systems. Their market position is strong in the technology and telecommunications sectors, targeting businesses of various sizes and industries globally. The website reflects a mature digital presence with excellent content quality, clear navigation, and professional branding. Technically, Aircall employs modern web technologies including React and Next.js, hosted on Vercel with DNS managed via AWS Route53. The site is optimized for performance, mobile responsiveness, and accessibility, with comprehensive SEO and privacy compliance measures such as cookie consent mechanisms. Analytics and marketing tools like Google Tag Manager and OneTrust are used responsibly, indicating a moderate level of user tracking aligned with privacy standards. From a security perspective, the website enforces HTTPS, uses standard security headers, and maintains a clientTransferProhibited domain status, enhancing domain security. However, there is no explicit security policy or incident response contact published, nor a vulnerability disclosure program, which are areas for improvement. The WHOIS data is consistent with the business claims, showing a long-standing domain registration that supports legitimacy. Overall, Aircall presents a secure, professional, and trustworthy online presence with strong business credibility and technical maturity. Strategic recommendations include enabling DNSSEC, publishing security policies and incident response contacts, and establishing a vulnerability disclosure program to further enhance trust and security posture.

Detected Technologies

ReactNext.jsVercelGoogle Tag ManagerGoogle AnalyticsOneTrust Cookie Consent

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

Aircall operates in the cloud telephony and unified communications market, leveraging AI to differentiate its offerings. Its SaaS subscription model targets sales, IT, and customer support teams across industries and business sizes. The company has a broad integration ecosystem with over 200+ integrations including Salesforce, HubSpot, and Zendesk, enhancing its competitive advantage. Growth indicators include a large customer base and continuous product innovation with AI features. Partnerships and a strong social media presence support brand visibility and market reach. The business model focuses on delivering scalable, AI-enhanced communication solutions that improve team performance and customer engagement.

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (1)

m*****@aircall.io

Phone Numbers (1)

+1888240****

Physical Addresses (1)

44 W 28th Street, New York, NY 10001, US

Security Posture Analysis

Comprehensive Security Assessment

The security posture of Aircall's website is solid with HTTPS enforcement, use of security headers, and domain transfer protection. The presence of cookie consent and privacy policies indicates compliance with GDPR and related regulations. However, the absence of a published security policy, incident response contact, and vulnerability disclosure program suggests gaps in transparency and incident readiness. No vulnerabilities or exposed sensitive data were detected in the analysis. The security score is high but could be improved by adopting best practices in security communication and disclosure.

Strategic Recommendations

Priority Actions for Security Improvement

Enable DNSSEC on the domain to improve DNS security and prevent spoofing.

✨Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Aircall

Description:

Aircall is a leading cloud-based business phone system and unified communications platform, serving over 20,000 customers worldwide with AI-first tools, omnichannel messaging, and deep CRM/helpdesk integrations.

Key Services:

Cloud-based voice platformOmnichannel messagingAI Assist ProAI Voice Agent

Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:

ReactNext.jsVercelGoogle Tag ManagerGoogle AnalyticsOneTrust Cookie Consent

Frameworks:

Next.js

Platforms:

Vercel

Performance:

fast

Mobile:

excellent

Accessibility:

good

SEO:

good

Security Assessment

Security Score:

85/100

Best Practices:

HTTPS enforced
ClientTransferProhibited domain status
Use of security headers
Cookie consent mechanism implemented

Analytics & Tracking

Services:

Google AnalyticsGoogle Tag Manager

Tracking Level:moderate

Privacy Compliance:good

Advertising & Marketing

Marketing Tools:

OneTrust Cookie Consent

Transparency Level:good

Website Quality Assessment

Design Quality:excellent

User Experience:excellent

Content Relevance:excellent

Navigation Clarity:excellent

Professionalism:excellent

Trustworthiness:high

Key Observations

Website is fully accessible with rich content and professional design.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

30/100

Score

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

29/100

Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

82/100

Score

Complex SPF record

LOW

Too many include statements can cause lookup limits

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF

Sender Policy Framework

DKIM

DomainKeys Identified Mail

DMARC

Domain-based Message Authentication

MX Records

Mail Exchange Records

BIMI

Brand Indicators

MTA-STS

Mail Transfer Agent Security

TLS-RPT

TLS Reporting

DNSSEC

DNS Security

SPF Details

Record:

v=spf1 include:_spf.google.com include:stspg-customer.com include:mail.zendesk.com exists:%{i}._spf.mta.salesforce.com include:spf.mandrillapp.com include:48407761.spf01.hubspotemail.net include:%{i}.ip.%{s}.sender._spf.dmarc-expert.com ~all

DNS Lookups:7/10

Policy:~all

DKIM Selectors Found

Selector:google(1296-bit rsa)

Selector:k1(1296-bit rsa)

Selector:mail(1296-bit rsa)

DMARC Details

Policy:reject

Aggregate Reports:aircall@dr.dmarc.fr

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

72/100

Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

OCSP Stapling Not Enabled

LOW

OCSP stapling improves performance and privacy

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 67 days

Partial SSL/TLS Assessment

LOW

Completed 3 of 4 security checks due to time constraints

Protocol Support

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

85/100

Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

Domain Delete Lock Not Enabled

LOW

Domain can be deleted without additional verification

Domain Registration Details

Domain Age

11 years(mature)

Expiry Risk

none(392 days)

Protection Level

basicDNSSEC OFF

DNS Records

A Records:76.76.21.21

Name Servers:

ns-1149.awsdns-15.org

ns-1883.awsdns-43.co.uk

ns-34.awsdns-04.com

ns-745.awsdns-29.net

MX Records:

1: aspmx.l.google.com

10: aspmx2.googlemail.com

10: aspmx3.googlemail.com

5: alt1.aspmx.l.google.com

5: alt2.aspmx.l.google.com

SOA:Serial: 1, TTL: 86400s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:78ms

SPF Analysis

SPF Record:

⚡Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100

Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

Aircall's website is built on a modern technology stack including React and Next.js, hosted on Vercel with AWS DNS services. The site demonstrates fast loading times, mobile optimization, and good accessibility features. Use of Storyblok CMS enables flexible content management. Analytics and marketing integrations are implemented with privacy considerations. The technical infrastructure supports scalability and performance, with no critical technical debt or vulnerabilities detected. Opportunities exist to further enhance DNS security and formalize security communication practices.

Analyze Another Website

Is aircall.io a Scam? Security Check Results - Aircall Reviews

Is aircall.io Safe? Security Analysis for Aircall

AI Summary

Detected Technologies

🧠AI Business Intelligence

Business Intelligence

Extracted Contact Information

Email Addresses (1)

Phone Numbers (1)

Physical Addresses (1)

Security Posture Analysis

Strategic Recommendations

✨Observations

AI-Enhanced Website Analysis

Business Insights

Technical Stack

Security Assessment

Analytics & Tracking

Advertising & Marketing

Website Quality Assessment

Key Observations

🛡️Security Headers

Security Headers

Missing X-Frame-Options header

Missing X-Content-Type-Options header

Missing Content-Security-Policy header

Missing X-XSS-Protection header

Missing Referrer-Policy header

Missing Permissions-Policy header

Sensitive data may be cached

👤GDPR Compliance

GDPR Compliance

GDPR Compliance Analysis

🛡️NIS2 Compliance

NIS2 Compliance

No information security framework found

No vulnerability disclosure policy

No security policy documentation found

No business continuity planning found

No security contact information

No vulnerability reporting mechanism

No NIS2 reference found

📧Email Security

Email Security

Complex SPF record

No MTA-STS Policy

No TLS-RPT Record

SPF Details

DKIM Selectors Found

DMARC Details

🏆SSL/TLS Security

SSL/TLS Security

Weak Protocols Supported

OCSP Stapling Not Enabled

Certificate Transparency Not Implemented

SSL Certificate Expires Within 90 Days

Partial SSL/TLS Assessment

Protocol Support

OCSP Status

📊DNS Health

DNS Health

DNSSEC Not Enabled

Domain Delete Lock Not Enabled

Domain Registration Details

DNS Records

DNSSEC Status

DNS Performance

SPF Analysis

⚡Network Security

Network Security

Good Network Security Posture

🔧Technical Analysis

Technical Analysis

Additional Findings