What is the security status of cursor.sh?

cursor.sh has a security score of 70/100, rated as Safe. The website demonstrates good security practices.

Is cursor.sh safe to use?

Our security scan shows cursor.sh is Safe. SSL security issues detected. Always practice safe browsing habits.

Does cursor.sh have viruses?

Our comprehensive security scan analyzes multiple security factors. Based on the overall security score of 70/100, the website is rated as Safe. However, websites can change over time, so always use updated security software.

What is cursor.sh's trust score?

cursor.sh has a security score of 70/100. This score is based on multiple factors including SSL security, security headers, DNS health, and compliance checks.

Is cursor.sh Safe? Security Analysis for Cursor

https://cursor.sh

Check if cursor.sh is a scam or legitimate. Free security scan and reviews.

TechnologyN/asmall

Next.jsReactVercel AnalyticsVercel Speed InsightsAWS DNS

Analyzed 8/3/2025Completed 9:54:17 PM

Security Score

MEDIUM RISK

AI Summary

Cursor is a technology company offering an AI-powered code editor designed to enhance developer productivity through intelligent code prediction, natural language editing, and deep codebase understanding. Positioned as a modern alternative to existing AI coding tools, Cursor targets software developers and engineering teams seeking advanced AI assistance integrated directly into their coding environment. The company emphasizes privacy with SOC 2 certification and options to prevent remote code storage. Technically, the website is built on a modern Next.js framework, hosted on Vercel, and employs advanced performance and accessibility features. Security posture is solid with HTTPS and domain transfer protections, though DNSSEC is not enabled and formal security policies are not published. Overall, the site is professional, trustworthy, and well-optimized, though it lacks explicit privacy and cookie policies which impacts compliance scores.

Detected Technologies

Next.jsReactVercel AnalyticsVercel Speed InsightsAWS DNS

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

Cursor operates in the competitive AI developer tools market, leveraging frontier AI models to deliver smart coding assistance. Its business model includes downloadable software for multiple platforms and enterprise solutions, targeting professional developers and organizations. The company has established credibility through SOC 2 certification and endorsements from notable tech companies like OpenAI, Google, and Figma. The partnership with Anysphere and active presence on GitHub, Twitter, and Discord indicate a strong developer community engagement. Growth indicators include frequent feature updates and a focus on privacy options, positioning Cursor as a premium AI coding assistant with a focus on security and user trust.

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (1)

h*****@cursor.com

Security Posture Analysis

Comprehensive Security Assessment

Cursor demonstrates a mature security posture with HTTPS enforced, domain transfer lock, and SOC 2 certification indicating strong internal controls. The option for Privacy Mode to avoid remote code storage is a significant privacy feature. However, the absence of DNSSEC reduces DNS security, and no public security policy or incident response contact is provided, which are gaps in transparency and preparedness. No vulnerabilities or exposed sensitive data were detected in the analysis. The site uses modern frameworks and hosting providers with good security reputations. Overall, the security maturity is good but could be improved with published policies and DNSSEC.

Strategic Recommendations

Priority Actions for Security Improvement

Enable DNSSEC on the domain to enhance DNS security and prevent spoofing.

✨Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Cursor

Description:

Built to make you extraordinarily productive, Cursor is the best way to code with AI.

Key Services:

AI code editorCode prediction and completionCodebase knowledge and queryingNatural language code editingEnterprise solutions

Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:

Next.jsReactVercel AnalyticsVercel Speed InsightsAWS DNS

Frameworks:

Next.js

Platforms:

WebWindowsmacOSLinux

Performance:

fast

Mobile:

excellent

Accessibility:

good

SEO:

good

Security Assessment

Security Score:

80/100

Best Practices:

HTTPS enabled
Domain status clientTransferProhibited
SOC 2 certification
Privacy mode option to not store code remotely

Analytics & Tracking

Services:

Vercel Analytics

Tracking Level:minimal

Privacy Compliance:basic

Advertising & Marketing

Tracking Pixels:

Vercel Analytics

Marketing Tools:

Vercel Speed Insights

Transparency Level:basic

Website Quality Assessment

Design Quality:excellent

User Experience:excellent

Content Relevance:excellent

Navigation Clarity:excellent

Professionalism:excellent

Trustworthiness:high

Key Observations

Website is a professional AI code editor product site

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

85/100

Score

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

17/100

Score

SPF

Sender Policy Framework

DKIM

DomainKeys Identified Mail

DMARC

Domain-based Message Authentication

MX Records

Mail Exchange Records

BIMI

Brand Indicators

MTA-STS

Mail Transfer Agent Security

TLS-RPT

TLS Reporting

DNSSEC

DNS Security

SPF Details

Record:

v=spf1 include:_spf.google.com include:stspg-customer.com ~all

DNS Lookups:2/10

Policy:~all

DKIM Selectors Found

Selector:google(1272-bit rsa)

DMARC Details

Policy:none

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

none(1217 days)

Protection Level

basicDNSSEC OFF

DNS Records

A Records:76.76.21.21

Name Servers:

ns-1366.awsdns-42.org

ns-1758.awsdns-27.co.uk

ns-265.awsdns-33.com

ns-682.awsdns-21.net

MX Records:

1: aspmx.l.google.com

10: alt4.aspmx.l.google.com

10: alt3.aspmx.l.google.com

5: alt1.aspmx.l.google.com

5: alt2.aspmx.l.google.com

SOA:Serial: 1, TTL: 86400s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:46ms

SPF Analysis

SPF Record:

v=spf1 include:_spf.google.com include:stspg-customer.com ~all

⚡Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100

Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built using Next.js, a modern React framework, and hosted on Vercel, ensuring fast performance and scalability. It uses Vercel Analytics and Speed Insights for monitoring. The site is mobile-optimized with responsive design and accessibility considerations. The domain is registered with NameCheap and has a long history, supporting legitimacy. No CMS was detected, indicating a custom or framework-based site. The tech stack and hosting choices reflect a modern, well-maintained infrastructure with good performance and SEO optimization. Technical risks are minimal, but enabling DNSSEC and publishing security documentation would strengthen the overall posture.

Analyze Another Website

Is cursor.sh a Scam? Security Check Results - Cursor Reviews

Is cursor.sh Safe? Security Analysis for Cursor

AI Summary

Detected Technologies

🧠AI Business Intelligence

Business Intelligence

Extracted Contact Information

Email Addresses (1)

Security Posture Analysis

Strategic Recommendations

✨Observations

AI-Enhanced Website Analysis

Business Insights

Technical Stack

Security Assessment

Analytics & Tracking

Advertising & Marketing

Website Quality Assessment

Key Observations

🛡️Security Headers

Security Headers

Missing Permissions-Policy header

Sensitive data may be cached

👤GDPR Compliance

GDPR Compliance

No Cookie Policy found

No Cookie Consent Banner found

No Data Protection Officer mentioned

Privacy policy may not be GDPR compliant

GDPR Compliance Analysis

🛡️NIS2 Compliance

NIS2 Compliance

No information security framework found

No vulnerability disclosure policy

No security policy documentation found

No incident response procedures found

No business continuity planning found

No security contact information

No vulnerability reporting mechanism

No NIS2 reference found

📧Email Security

Email Security

DMARC not enforcing

No DMARC reporting

No BIMI Record

No MTA-STS Policy

No TLS-RPT Record

SPF Details

DKIM Selectors Found

DMARC Details

🏆SSL/TLS Security

SSL/TLS Security

Weak Protocols Supported

OCSP Stapling Not Enabled

Certificate Transparency Not Implemented

SSL Certificate Expires Within 90 Days

Partial SSL/TLS Assessment

Protocol Support

OCSP Status

📊DNS Health

DNS Health

DNSSEC Not Enabled

CAA Records Not Configured

Domain Delete Lock Not Enabled

DMARC Policy Set to None

Domain Registration Details

DNS Records

DNSSEC Status

DNS Performance

SPF Analysis

⚡Network Security

Network Security

Good Network Security Posture

🔧Technical Analysis

Technical Analysis

Additional Findings

Related Partner Domains

anysphere.inc