What is the security status of geojs.io?

geojs.io has a security score of 71/100, rated as Safe. The website demonstrates good security practices.

Is geojs.io safe to use?

Our security scan shows geojs.io is Safe. SSL security issues detected. Always practice safe browsing habits.

Does geojs.io have viruses?

Our comprehensive security scan analyzes multiple security factors. Based on the overall security score of 71/100, the website is rated as Safe. However, websites can change over time, so always use updated security software.

What is geojs.io's trust score?

geojs.io has a security score of 71/100. This score is based on multiple factors including SSL security, security headers, DNS health, and compliance checks.

Is geojs.io Safe? Security Analysis for GeoJS

https://geojs.io

Check if geojs.io is a scam or legitimate. Free security scan and reviews.

TechnologyN/asmall

JavaScriptHugoBulma CSSNetlifyCloudflare

Analyzed 10/3/2025Completed 4:08:24 PM

Security Score

MEDIUM RISK

AI Summary

GeoJS is a small technology company providing a highly available REST/JSON/JSONP IP Geolocation lookup API service. The website is professionally designed and targets developers and businesses requiring geolocation data for IP addresses. The business model is based on offering free API access supported by sponsorships from reputable technology companies such as DigitalOcean, Cloudflare, and DNS Spy. The site includes useful features like ChatOps integration and multiple data formats with no current rate limits. Technically, the website is built using modern static site generation technology (Hugo), styled with Bulma CSS, and hosted on Netlify with backend API services powered by DigitalOcean and Cloudflare CDN. The site is fast, mobile optimized, and accessible with good SEO practices. The use of HTTPS is enforced, but some security headers are not explicitly detected in the HTML content. From a security perspective, the site demonstrates good baseline practices including HTTPS and CORS support. However, it lacks visible security policies, incident response information, and vulnerability disclosure mechanisms. The WHOIS data is unavailable due to privacy protection or query failure, which is common for small tech services but reduces transparency. No critical vulnerabilities or exposed sensitive data were found in the content. Overall, GeoJS presents a trustworthy and professional service with a solid technical foundation. Strategic improvements include adding security headers, publishing security and incident response policies, and implementing a vulnerability disclosure program to enhance trust and compliance.

Detected Technologies

JavaScriptHugoBulma CSSNetlifyCloudflare

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

GeoJS occupies a niche market providing IP geolocation API services with a focus on ease of use, availability, and integration with chat platforms. Its competitive advantage lies in offering no rate limits and multiple data formats, appealing to developers and businesses needing reliable geolocation data. Revenue streams appear to be indirect, supported by sponsorships and affiliate programs such as DigitalOcean referrals. The target customers are developers, SaaS providers, and enterprises requiring geolocation data. The partnership ecosystem includes major cloud and CDN providers enhancing service reliability. The company operates as a small entity with no public parent or subsidiaries, focusing on API service delivery and community engagement through blogs and open documentation.

Security Posture Analysis

Comprehensive Security Assessment

GeoJS demonstrates a moderate security maturity level with enforced HTTPS and CORS support. The absence of explicit security headers like Content-Security-Policy and HSTS is a gap that could be exploited. No visible incident response or security policies reduce transparency and preparedness perception. The lack of a vulnerability disclosure policy or security.txt file limits coordinated vulnerability reporting. No exposed credentials or sensitive data were detected. GDPR compliance is partially addressed via a privacy policy but lacks explicit cookie consent mechanisms. Overall, the security posture is adequate for a small API service but could be improved to meet higher compliance and trust standards.

Strategic Recommendations

Priority Actions for Security Improvement

Implement and enforce security headers such as Content-Security-Policy, Strict-Transport-Security, and X-Content-Type-Options.

✨Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

GeoJS

Description:

GeoJS provides a highly available REST/JSON/JSONP IP Geolocation lookup API service.

Key Services:

IP geolocation lookup APICountry information APIGeo information APIPTR record lookup APIChatOps integration

Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:

JavaScriptHugoBulma CSSNetlifyCloudflare

Frameworks:

HugoBulma

Platforms:

NetlifyDigitalOceanCloudflare

Performance:

fast

Mobile:

good

Accessibility:

good

SEO:

good

Security Assessment

Security Score:

75/100

Best Practices:

HTTPS enforced
No rate limits yet (could be a risk)
No exposed sensitive data in HTML
CORS enabled

Analytics & Tracking

Tracking Level:minimal

Privacy Compliance:basic

Advertising & Marketing

Marketing Tools:

Mailchimp newsletter

Transparency Level:good

Website Quality Assessment

Design Quality:good

User Experience:good

Content Relevance:good

Navigation Clarity:good

Professionalism:good

Trustworthiness:high

Key Observations

Website is fully accessible with no blocking or WAF challenge

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

85/100

Score

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

2/100

Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

Critical sector without clear security compliance

HIGH

Detected sectors: energy, transport, banking, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

100/100

Score

No issues found

SPF

Sender Policy Framework

DKIM

DomainKeys Identified Mail

DMARC

Domain-based Message Authentication

MX Records

Mail Exchange Records

BIMI

Brand Indicators

MTA-STS

Mail Transfer Agent Security

TLS-RPT

TLS Reporting

DNSSEC

DNS Security

SPF Details

Record:

v=spf1 include:spf.messagingengine.com include:servers.mcsv.net -all

DNS Lookups:2/10

Policy:-all

DKIM Selectors Found

Selector:k1(1296-bit rsa)

DMARC Details

Policy:reject

Aggregate Reports:dmarc_rua@jloh.co

Forensic Reports:dmarc_ruf@jloh.co

MTA-STS Details

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

65/100

Score

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 32 days

Weak SSL Key Length

HIGH

SSL certificate uses 256-bit key, which is considered weak

Mixed Content Detected

MEDIUM

1 resources loaded over insecure HTTP

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject:www.geojs.io

Issuer:E6

Valid Until:11/4/2025 (32 days)

SANs:geojs.io, www.geojs.io

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

80/100

Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Delete Lock Not Enabled

LOW

Domain can be deleted without additional verification

Domain Registration Details

Domain Age

8 years(mature)

Expiry Risk

low(137 days)

Protection Level

basicDNSSEC OFF

DNS Records

A Records:63.176.8.218, 35.157.26.135

AAAA Records:2a05:d014:58f:6200::259, 2a05:d014:58f:6200::258

Name Servers:

jack.ns.cloudflare.com

kim.ns.cloudflare.com

MX Records:

20: in2-smtp.messagingengine.com

10: in1-smtp.messagingengine.com

SOA:Serial: 2384292668, TTL: 1800s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:49ms

SPF Analysis

SPF Record:

v=spf1 include:spf.messagingengine.com include:servers.mcsv.net -all

⚡Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100

Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website uses a modern static site generator (Hugo) combined with Bulma CSS for styling and is hosted on Netlify, ensuring fast and reliable delivery. The backend API services leverage DigitalOcean infrastructure and Cloudflare CDN for caching and geo-routing, enhancing availability and performance. The site is mobile optimized and accessible with good SEO metadata and Open Graph tags. JavaScript is used for dynamic IP geolocation display and Slack integration. No outdated or vulnerable libraries were detected in the provided content. The technical stack is well chosen for a small API service, balancing performance, scalability, and ease of maintenance.

Analyze Another Website

Is geojs.io a Scam? Security Check Results - GeoJS Reviews

Is geojs.io Safe? Security Analysis for GeoJS

AI Summary

Detected Technologies

🧠AI Business Intelligence

Business Intelligence

Security Posture Analysis

Strategic Recommendations

✨Observations

AI-Enhanced Website Analysis

Business Insights

Technical Stack

Security Assessment

Analytics & Tracking

Advertising & Marketing

Website Quality Assessment

Key Observations

🛡️Security Headers

Security Headers

Missing Permissions-Policy header

Sensitive data may be cached

👤GDPR Compliance

GDPR Compliance

No Cookie Policy found

No Cookie Consent Banner found

Privacy policy may not be GDPR compliant

GDPR Compliance Analysis

🛡️NIS2 Compliance

NIS2 Compliance

No information security framework found

No vulnerability disclosure policy

No security policy documentation found

No incident response procedures found

No business continuity planning found

No security contact information

No vulnerability reporting mechanism

No NIS2 reference found

Critical sector without clear security compliance

📧Email Security

Email Security

SPF Details

DKIM Selectors Found

DMARC Details

MTA-STS Details

🏆SSL/TLS Security

SSL/TLS Security

SSL Certificate Expires Within 90 Days

Weak SSL Key Length

Mixed Content Detected

Partial SSL/TLS Assessment

Certificate Details

OCSP Status

📊DNS Health

DNS Health

DNSSEC Not Enabled

CAA Records Not Configured

Domain Delete Lock Not Enabled

Domain Registration Details

DNS Records

DNSSEC Status

DNS Performance

SPF Analysis

⚡Network Security

Network Security

Good Network Security Posture

🔧Technical Analysis

Technical Analysis

Additional Findings