Is kdsensor.com Safe? Security Analysis for 常州科达传感器成套设备有限公司
Check if kdsensor.com is a scam or legitimate. Free security scan and reviews.
AI Summary
常州科达传感器成套设备有限公司是一家位于中国江苏省常州市的专业制造企业,成立于1993年,专注于生产和销售钢铁、冶金及轻工业传感器产品,包括冷热金属检测器、热金属检测器、高精度激光检测器等。公司在行业内拥有良好的市场地位,是多家大型钢厂的定点供应商,产品以质量优良和价格合理著称。技术基础包括使用多种前端技术如jQuery、Bootstrap和Swiper.js,网站设计专业且移动端优化良好,用户体验较好。安全方面,网站缺少明显的安全头部配置,使用了较旧版本的jQuery,存在潜在安全风险,且未发现隐私政策和Cookie同意机制,存在合规风险。WHOIS信息缺失,无法验证域名注册的合法性,降低了整体信任度。建议加强安全配置,更新技术栈,并完善隐私合规措施以提升整体安全和合规水平。
Detected Technologies
🧠AI Business Intelligence
Technology stack, business insights, and market analysis powered by AI.
Business Intelligence
Market & Strategic Analysis
该公司定位于制造业,专注于工业传感器的研发和生产,目标客户为钢铁、冶金及轻工业领域的企业。其业务模式为制造加直销,拥有超过十年的行业经验和多个大型钢厂客户,显示出稳定的市场地位和良好的客户基础。网站内容丰富,涵盖产品介绍、新闻动态及服务中心,体现出较强的业务专业性。合作伙伴和友情链接涵盖相关工业设备和材料供应商,构建了较为完善的产业链生态。缺乏公开的隐私政策和安全响应机制,可能影响客户信任和合规性。整体业务表现为中型企业,具备一定的市场竞争力和成长潜力。
Extracted Contact Information
Marketing Intelligence Data
Email Addresses (1)
Phone Numbers (2)
Physical Addresses (1)
Security Posture Analysis
Comprehensive Security Assessment
网站启用了HTTPS(通过canonical标签可推断),但未检测到安全相关HTTP头部如Content-Security-Policy、X-Frame-Options等,安全防护措施不足。使用的jQuery版本较旧(1.8.3),存在已知安全漏洞风险。网站未提供隐私政策和Cookie同意机制,存在GDPR等隐私法规合规风险。未发现安全事件响应联系方式或漏洞披露渠道,安全事件处理能力未知。建议尽快升级前端库,完善安全头部配置,建立隐私合规机制,并公开安全事件响应联系方式以提升安全成熟度。
Strategic Recommendations
Priority Actions for Security Improvement
升级jQuery及其他前端库至最新安全版本,减少已知漏洞风险。
✨Observations
AI-powered comprehensive website and business analysis.
AI-Enhanced Website Analysis
Business Insights
常州科达传感器成套设备有限公司
常州科达传感器成套设备有限公司位于江苏省常州市的东北面,是专业生产钢铁、冶金、轻工业传感器的企业,产品包括热金属检测器、冷金属检测器、高精度激光检测器、激光光栅面积传感器、扫描型活套检测器等,产品质量好且价格低廉,获得客户广泛好评。
good
consistent
Technical Stack
moderate
good
basic
basic
Security Assessment
- HTTPS usage implied by canonical URL (http://www.kdsensor.com/ but no explicit https found in HTML content)
- No visible exposed sensitive data in HTML
Analytics & Tracking
Advertising & Marketing
Website Quality Assessment
Key Observations
Website is fully accessible with no WAF or blocking detected.
🛡️Security Headers
HTTP security headers analysis and recommendations.
Security Headers
HTTP security headers analysis
Weak Referrer-Policy configuration
LOWCurrent value: "unsafe-url"
Missing Permissions-Policy header
MEDIUMControls browser features and APIs
Sensitive data may be cached
LOWCache-Control header should include "no-store" for sensitive pages
👤GDPR Compliance
Privacy and data protection assessment under GDPR regulations.
GDPR Compliance
Privacy and data protection assessment
No Privacy Policy found
HIGHGDPR requires a clear and accessible privacy policy
No Cookie Policy found
HIGHGDPR requires clear information about cookie usage
No Cookie Consent Banner found
HIGHGDPR requires explicit consent for non-essential cookies
GDPR Compliance Analysis
🛡️NIS2 Compliance
Network & Information Security Directive compliance assessment.
NIS2 Compliance
Network & Information Security Directive
No information security framework found
HIGHNIS2 requires documented cybersecurity and information security measures
No vulnerability disclosure policy
MEDIUMNIS2 encourages coordinated vulnerability disclosure
No security policy documentation found
HIGHNIS2 requires documented cybersecurity governance and risk management
No incident response procedures found
HIGHNIS2 requires documented incident response and business continuity plans
No security contact information
HIGHNIS2 requires clear incident reporting channels
No vulnerability reporting mechanism
MEDIUMClear vulnerability reporting supports coordinated disclosure
No NIS2 reference found
LOWConsider explicitly mentioning NIS2 compliance efforts
Critical sector without clear security compliance
HIGHDetected sectors: transport, digital
📧Email Security
SPF, DKIM, and DMARC validation and email security assessment.
Email Security
SPF, DKIM, and DMARC validation
No DKIM record found
MEDIUMDKIM adds cryptographic signatures to emails
No BIMI Record
LOWBIMI displays brand logos in email clients
No MTA-STS Policy
MEDIUMMTA-STS enforces TLS for email delivery
No TLS-RPT Record
LOWTLS-RPT provides reporting for email TLS issues
SPF Details
🏆SSL/TLS Security
Certificate validity and encryption analysis.
SSL/TLS Security
Certificate validity and encryption analysis
Weak Protocols Supported
HIGHServer supports weak protocols: TLSv1.1
Certificate Transparency Not Implemented
LOWCertificate is not logged in Certificate Transparency logs
SSL Certificate Expires Within 90 Days
MEDIUMSSL certificate expires in 77 days
Mixed Content Detected
MEDIUM4 resources loaded over insecure HTTP
Partial SSL/TLS Assessment
LOWCompleted 3 of 4 security checks due to time constraints
Protocol Support
OCSP Status
📊DNS Health
DNS configuration and security assessment.
DNS Health
DNS configuration and security assessment
DNSSEC Not Enabled
MEDIUMDNSSEC is not configured for this domain
CAA Records Not Configured
LOWCertificate Authority Authorization (CAA) records not found
No DMARC Record
MEDIUMDMARC policy not configured
DNS Records
DNSSEC Status
DNS Performance
SPF Analysis
⚡Network Security
Port scanning and network exposure analysis.
Network Security
Port scanning and network exposure analysis
Good Network Security Posture
LOWNo unnecessary services detected on common risky ports
🔧Technical Analysis
Detailed technical findings and analysis from AI assessment.
Technical Analysis
Comprehensive security assessment findings