Skip to main content

Is pros.com a Scam? Security Check Results - PROS, Inc. Reviews

pros.com favicon

Is pros.com Safe? Security Analysis for PROS, Inc.

https://pros.com

Check if pros.com is a scam or legitimate. Free security scan and reviews.

TechnologyUnited Statesenterprise
WordPressElementorjQueryCloudflare DNSCustom icon fonts+2 more
Analyzed 7/31/2025Completed 12:00:30 AM
69
Security Score
MEDIUM RISK

AI Summary

PROS, Inc. operates a sophisticated SaaS platform specializing in AI-powered pricing, configure-price-quote (CPQ), and revenue management solutions targeting enterprise clients across industries such as airlines, manufacturing, distribution, and logistics. The company leverages advanced neural network AI technology to enable real-time pricing and selling capabilities, positioning itself as a market leader in dynamic pricing and revenue optimization. The website reflects a mature digital presence with comprehensive product and solution information, strong branding, and a focus on customer success and innovation. Technically, the website is built on WordPress with Elementor, utilizing modern web technologies including jQuery, custom icon fonts, and video content. Hosting and DNS services are managed through reputable providers including GoDaddy and Cloudflare, ensuring good performance and availability. The site is mobile-optimized, accessible, and SEO-friendly, with structured data enhancing search visibility. From a security perspective, the site enforces HTTPS and employs best practices such as nonce usage for AJAX calls and Cloudflare DNS. However, DNSSEC is not enabled, and some security headers like Content-Security-Policy are not explicitly detected, representing areas for improvement. Privacy and cookie policies are present and indicate GDPR compliance, though explicit incident response contacts and vulnerability disclosure policies are not found. Overall, PROS.com demonstrates a high level of professionalism, security, and compliance suitable for an enterprise SaaS provider. Strategic recommendations include enhancing DNS security with DNSSEC, publishing a vulnerability disclosure policy, and strengthening HTTP security headers to further improve trust and resilience.

Detected Technologies

WordPressElementorjQueryCloudflare DNSCustom icon fontsVideo embeddingSlick Carousel

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

PROS, Inc. is positioned as a leading technology provider in AI-driven pricing and revenue management software, serving large enterprises globally. Their business model centers on SaaS delivery of advanced AI solutions that optimize pricing, quoting, and revenue across multiple industries, with a strong focus on airlines and travel. The company has a long-established domain (since 1994) and a broad partner ecosystem including marketplace and support portals. Revenue streams likely include subscription fees, professional services, and training. The website content and social media presence indicate active engagement with customers and partners, reinforcing market leadership and innovation. Growth indicators include extensive product offerings, customer testimonials, and industry awards. The company emphasizes customer experience and operational excellence as competitive advantages.

Security Posture Analysis

Comprehensive Security Assessment

The security posture of PROS.com is solid with HTTPS enforced and use of Cloudflare DNS services providing baseline protection. The website uses nonce tokens for AJAX requests, reducing CSRF risks. No sensitive data or credentials are exposed in the HTML content. However, DNSSEC is not enabled, which is a recommended best practice to prevent DNS spoofing. Some common security headers like Content-Security-Policy and X-Content-Type-Options are not explicitly detected, which could enhance protection against XSS and MIME sniffing attacks. No vulnerability disclosure or incident response contacts are published, which limits transparency for security researchers. Overall, the site demonstrates good security hygiene but could improve in header implementation and security policy transparency.

Strategic Recommendations

Priority Actions for Security Improvement

1

Enable DNSSEC on the domain to improve DNS security and prevent spoofing.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

PROS, Inc.

Description:

The PROS SaaS platform powers profitable growth for the world’s leading companies with the planet’s most advanced neural network AI technology.

Key Services:
AI-powered CPQDynamic PricingRevenue SoftwarePrice Optimization & ManagementRebate ManagementAirline Revenue ManagementReal-Time Dynamic PricingOffer Marketing
Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:
WordPressElementorjQueryCloudflare DNSCustom icon fontsVideo embeddingSlick Carousel
Frameworks:
Elementor
Platforms:
SaaS
Performance:

fast

Mobile:

excellent

Accessibility:

good

SEO:

excellent

Security Assessment

Security Score:
85/100
Best Practices:
  • HTTPS enforced
  • No exposed sensitive data in HTML
  • Use of nonce for AJAX calls
  • Use of Cloudflare DNS for protection

Analytics & Tracking

Services:
Custom analytics (analytics.pros.com)Google Tag Manager (implied)
Tracking Level:moderate
Privacy Compliance:good

Advertising & Marketing

Tracking Pixels:
analytics.pros.com
Marketing Tools:
Google Tag Manager (implied by dataLayer usage)
Transparency Level:good

Website Quality Assessment

Design Quality:excellent
User Experience:excellent
Content Relevance:excellent
Navigation Clarity:excellent
Professionalism:excellent
Trustworthiness:high

Key Observations

1

Website is a professional enterprise SaaS platform focused on AI-powered pricing and revenue management.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

85/100
Score

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

68/100
Score

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

No Data Protection Officer mentioned

LOW

Large organizations may need to designate a DPO under GDPR

Privacy policy may not be GDPR compliant

MEDIUM

Privacy policy lacks explicit GDPR compliance elements

GDPR Compliance Analysis

Privacy Policy85% confidence
Cookie Policy85% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

17/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

85/100
Score

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security
SPF Details
Record:
v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com include:mktomail.com ~all
DNS Lookups:2/10
Policy:~all
DKIM Selectors Found
Selector:selector2(1416-bit rsa)
Selector:s1(1440-bit rsa)
DMARC Details
Policy:reject

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

77/100
Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

OCSP Stapling Not Enabled

LOW

OCSP stapling improves performance and privacy

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

Partial SSL/TLS Assessment

LOW

Completed 3 of 4 security checks due to time constraints

Protocol Support

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

90/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

DNS Records

A Records:34.206.20.116, 34.206.69.87
Name Servers:
abby.ns.cloudflare.comDNS only
kellen.ns.cloudflare.comDNS only
MX Records:
10: mxa-0024c702.gslb.pphosted.com
10: mxb-0024c702.gslb.pphosted.com
SOA:Serial: 2378077396, TTL: 1800s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:56ms

SPF Analysis

SPF Record:
v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com include:mktomail.com ~all

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

40/100
Score

Service Exposed: SSH

MEDIUM

Port 22 (SSH) is publicly accessible - SSH - Secure but can be brute-forced

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built on a modern WordPress CMS with Elementor page builder, leveraging jQuery and custom icon fonts. It uses Cloudflare DNS and GoDaddy as registrar, with no DNSSEC enabled. The site includes video content and interactive carousels for rich user experience. Performance is fast with preloading of fonts and images. The site is mobile-optimized and accessible with good SEO practices including meta tags, Open Graph, and JSON-LD structured data. AJAX calls use nonce tokens for security. The technical stack is mature and well-maintained, though some security headers could be added to enhance protection. Overall, the infrastructure supports a scalable and professional enterprise SaaS platform.
Analyze Another Website