What is the security status of deliveroo.sg?

deliveroo.sg has a security score of 65/100, rated as Moderate Risk. The website may have security concerns that should be addressed.

Is deliveroo.sg safe to use?

Our security scan shows deliveroo.sg is Moderate Risk. SSL security issues detected. Always practice safe browsing habits.

Does deliveroo.sg have viruses?

Our comprehensive security scan analyzes multiple security factors. Based on the overall security score of 65/100, the website is rated as Moderate Risk. However, websites can change over time, so always use updated security software.

What is deliveroo.sg's trust score?

deliveroo.sg has a security score of 65/100. This score is based on multiple factors including SSL security, security headers, DNS health, and compliance checks.

Is deliveroo.sg Safe? Security Analysis for Deliveroo

https://deliveroo.sg

Check if deliveroo.sg is a scam or legitimate. Free security scan and reviews.

TransportationSingaporelarge

React (Next.js)Cloudflare DNSGoogle Tag ManagerOneTrust Cookie ConsentPolyfill.io+2 more

Analyzed 8/2/2025Completed 5:11:24 PM

Security Score

MEDIUM RISK

AI Summary

Deliveroo is a leading online food and grocery delivery platform operating in Singapore, connecting consumers with local restaurants and shops. The company offers a seamless digital experience through its website and mobile apps, enabling users to order food and essential groceries with real-time order tracking. Deliveroo's market position is strong, supported by a consistent brand presence and a comprehensive service offering including restaurant partnerships, rider recruitment, and corporate food solutions. Technically, the website leverages modern frameworks such as React and Next.js, is hosted via Cloudflare, and integrates advanced tracking and consent management tools, reflecting a mature digital infrastructure. Security posture is robust with HTTPS enforcement, security headers, and bot detection mechanisms, although DNSSEC is not enabled and no explicit security policy or incident response contacts are published. Overall, the platform demonstrates high professionalism, good privacy compliance, and a trustworthy user experience.

Detected Technologies

React (Next.js)Cloudflare DNSGoogle Tag ManagerOneTrust Cookie ConsentPolyfill.ioPerimeterX (bot detection)Stripe (payment processing)

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

Deliveroo operates in the transportation and e-commerce sectors, focusing on food and grocery delivery. Its business model is platform-based, generating revenue through commissions from restaurant partners and delivery fees. The company targets urban consumers seeking convenience and variety in food options. Deliveroo's competitive advantage lies in its extensive restaurant network, real-time tracking technology, and strong brand recognition. The company maintains a global presence with localized operations, including Singapore. Partnerships with restaurants and rider recruitment are key growth drivers. The website supports multiple languages and regions, indicating a scalable and adaptable business model. Deliveroo also invests in corporate services, expanding its market reach. The presence of social media and app store links supports customer engagement and retention strategies.

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (1)

h*****@deliveroo.fr

Security Posture Analysis

Comprehensive Security Assessment

The website demonstrates a mature security posture with HTTPS enforced and multiple security headers implemented, reducing risks such as clickjacking and MIME sniffing. The domain is secured with clientTransferProhibited status, preventing unauthorized transfers. Bot detection via PerimeterX is active, enhancing protection against automated threats. Cookie consent is managed through OneTrust, supporting privacy compliance. However, the absence of DNSSEC is a minor gap in DNS security. No explicit security policy or incident response contact information is published, which could hinder vulnerability reporting and incident management. No vulnerabilities or exposed sensitive data were detected in the HTML content. Overall, the security posture is strong but could be improved by publishing security policies and enabling DNSSEC.

Strategic Recommendations

Priority Actions for Security Improvement

Enable DNSSEC on the domain to enhance DNS security and prevent spoofing.

✨Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Deliveroo

Description:

Deliveroo delivers takeaway food and essential groceries from local restaurants and shops directly to customers' doors. It offers an app and online ordering platform.

Key Services:

Food deliveryGrocery deliveryRestaurant partnershipsRider recruitmentCorporate food services (Deliveroo for Work)

Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:

React (Next.js)Cloudflare DNSGoogle Tag ManagerOneTrust Cookie ConsentPolyfill.ioPerimeterX (bot detection)Stripe (payment processing)

Frameworks:

Next.jsReact

Platforms:

WebiOSAndroid

Performance:

fast

Mobile:

excellent

Accessibility:

good

SEO:

good

Security Assessment

Security Score:

90/100

Best Practices:

HTTPS enforced
Client transfer prohibited domain status
Use of bot detection (PerimeterX)
Cookie consent mechanism
No exposed sensitive data in HTML

Analytics & Tracking

Services:

Google Tag Manager

Tracking Level:moderate

Privacy Compliance:good

Advertising & Marketing

Tracking Pixels:

PerimeterX

Marketing Tools:

OneTrust Cookie Consent

Transparency Level:good

Website Quality Assessment

Design Quality:excellent

User Experience:excellent

Content Relevance:excellent

Navigation Clarity:excellent

Professionalism:excellent

Trustworthiness:high

Key Observations

Website is fully accessible with rich content and interactive features.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

60/100

Score

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

25/100

Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

60/100

Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF

Sender Policy Framework

DKIM

DomainKeys Identified Mail

DMARC

Domain-based Message Authentication

MX Records

Mail Exchange Records

BIMI

Brand Indicators

MTA-STS

Mail Transfer Agent Security

TLS-RPT

TLS Reporting

DNSSEC

DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

75/100

Score

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 76 days

Weak SSL Key Length

HIGH

SSL certificate uses 256-bit key, which is considered weak

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject:deliveroo.com.sg

Issuer:WE1

Valid Until:10/17/2025 (76 days)

SANs:deliveroo.com.sg, *.order-staging.deliveroo.com.sg, *.order.deliveroo.com.sg +1 more

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

45/100

Score

DNS Resolution Failed

CRITICAL

Unable to resolve domain A records

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

No DMARC Record

MEDIUM

DMARC policy not configured

Domain Registration Details

Domain Age

1 years(established)

Expiry Risk

none(355880 days)

Protection Level

moderateDNSSEC OFF

DNS Records

Name Servers:

dsany2.sgnic.sg

dsany3.sgnic.sg

dsany4.sgnic.sg

pch.sgzones.sg

SOA:Serial: 2508021700, TTL: 3600s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:79ms

⚡Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100

Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built using modern web technologies including React and Next.js, ensuring a performant and responsive user experience. Hosting and DNS are managed via Cloudflare, providing CDN and security benefits. The site uses Google Tag Manager for analytics and tracking, and OneTrust for cookie consent management, reflecting compliance with privacy regulations. The use of Storyblok as a headless CMS enables flexible content management. Performance is optimized with preloading of fonts and stylesheets, and accessibility features such as skip links and ARIA labels are present. The site is mobile-optimized with app download links prominently displayed. No technical debt or deprecated technologies were observed. Overall, the technical infrastructure is modern, scalable, and well-maintained.

Analyze Another Website

Is deliveroo.sg a Scam? Security Check Results - Deliveroo Reviews

Is deliveroo.sg Safe? Security Analysis for Deliveroo

AI Summary

Detected Technologies

🧠AI Business Intelligence

Business Intelligence

Extracted Contact Information

Email Addresses (1)

Security Posture Analysis

Strategic Recommendations

✨Observations

AI-Enhanced Website Analysis

Business Insights

Technical Stack

Security Assessment

Analytics & Tracking

Advertising & Marketing

Website Quality Assessment

Key Observations

🛡️Security Headers

Security Headers

Missing Content-Security-Policy header

Missing X-XSS-Protection header

Missing Referrer-Policy header

Missing Permissions-Policy header

👤GDPR Compliance

GDPR Compliance

No Cookie Policy found

No Cookie Consent Banner found

GDPR Compliance Analysis

🛡️NIS2 Compliance

NIS2 Compliance

No information security framework found

No vulnerability disclosure policy

No security policy documentation found

No incident response procedures found

No security contact information

No vulnerability reporting mechanism

No NIS2 reference found

📧Email Security

Email Security

No DKIM record found

No BIMI Record

No MTA-STS Policy

No TLS-RPT Record

No email authentication configured

🏆SSL/TLS Security

SSL/TLS Security

SSL Certificate Expires Within 90 Days

Weak SSL Key Length

Partial SSL/TLS Assessment

Certificate Details

OCSP Status

📊DNS Health

DNS Health

DNS Resolution Failed

DNSSEC Not Enabled

CAA Records Not Configured

No DMARC Record

Domain Registration Details

DNS Records

DNSSEC Status

DNS Performance

⚡Network Security

Network Security

Good Network Security Posture

🔧Technical Analysis

Technical Analysis

Additional Findings

Related Partner Domains

restaurants.deliveroo.com

deliveroo.co.uk

deliveroo.com.au