What is the security status of sketchfab.com?

sketchfab.com has a security score of 72/100, rated as Safe. The website demonstrates good security practices.

Is sketchfab.com safe to use?

Our security scan shows sketchfab.com is Safe. SSL security issues detected. Always practice safe browsing habits.

Does sketchfab.com have viruses?

Our comprehensive security scan analyzes multiple security factors. Based on the overall security score of 72/100, the website is rated as Safe. However, websites can change over time, so always use updated security software.

What is sketchfab.com's trust score?

sketchfab.com has a security score of 72/100. This score is based on multiple factors including SSL security, security headers, DNS health, and compliance checks.

Is sketchfab.com Safe? Security Analysis for Sketchfab, Inc.

https://sketchfab.com

Check if sketchfab.com is a scam or legitimate. Free security scan and reviews.

TechnologyUnited Statesmedium

JavaScriptReact (implied by React model page popup feature)Vimeo (video embedding)FontAwesome ProAWS DNS hosting+3 more

Analyzed 8/3/2025Completed 11:41:36 AM

Security Score

MEDIUM RISK

AI Summary

Sketchfab, Inc. operates a leading platform for 3D and augmented reality content on the web, serving a large community of over one million creators. The company offers a comprehensive suite of services including 3D model hosting, sharing, embedding, and a marketplace for buying and selling 3D assets. Their platform supports web, mobile, AR, and VR environments, positioning them as a market leader in 3D content distribution and enterprise 3D asset management. Owned by Epic Games, Sketchfab benefits from strong backing and integration opportunities within the gaming and digital content ecosystem. Technically, the website employs modern web technologies such as React, AWS hosting, and integrates third-party services like PayPal and Vimeo. The site is well-optimized for performance, mobile responsiveness, and accessibility, with good SEO practices and structured data implementation. Security posture is strong with HTTPS enforced, use of cookie consent via OneTrust, and error monitoring through Sentry. However, there is room for improvement in publishing explicit security policies and vulnerability disclosure mechanisms. Overall, Sketchfab presents a professional, trustworthy, and technically mature web presence with a solid business model and market position.

Detected Technologies

JavaScriptReact (implied by React model page popup feature)Vimeo (video embedding)FontAwesome ProAWS DNS hostingPayPal SDKOneTrust cookie consentSentry for error tracking

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

Sketchfab holds a strong market position as the largest platform for 3D content publishing and discovery, targeting 3D creators, enterprises, and businesses requiring 3D asset management and AR/VR solutions. Their business model combines community engagement with commercial offerings including a 3D model marketplace and enterprise solutions. The company leverages partnerships such as Fab.com for commerce and benefits from Epic Games' ownership. Growth indicators include a large active user base, trusted brand associations, and continuous feature development. The platform's ecosystem includes integrations with social media and developer APIs, enhancing its competitive advantage. Strategic observations highlight the importance of expanding enterprise offerings and maintaining high technical standards to sustain market leadership.

Security Posture Analysis

Comprehensive Security Assessment

Sketchfab demonstrates a mature security posture with enforced HTTPS, use of reputable third-party services for cookie consent and error tracking, and no visible exposure of sensitive data. The absence of a dedicated security policy or incident response contact and lack of a security.txt file are gaps that could be addressed to improve transparency and vulnerability management. The domain registration is consistent and stable, with no suspicious indicators. Overall, the security maturity is good but could benefit from formalized policies and enhanced DNS security such as DNSSEC.

Strategic Recommendations

Priority Actions for Security Improvement

Enable DNSSEC on the domain to enhance DNS security and prevent spoofing.

✨Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Sketchfab, Inc.

Description:

With a community of over one million creators, Sketchfab is the world’s largest platform to publish, share, and discover 3D content on web, mobile, AR, and VR.

Key Services:

3D model hosting and viewing3D content marketplaceEnterprise 3D asset management3D viewer embeddable on websites and social media3D editor with Physically Based Rendering tools

Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:

JavaScriptReact (implied by React model page popup feature)Vimeo (video embedding)FontAwesome ProAWS DNS hostingPayPal SDKOneTrust cookie consentSentry for error tracking

Frameworks:

React (implied)Schema.org structured data

Platforms:

WebMobile (responsive design)AR/VR platforms (viewer supports AR/VR)

Performance:

fast

Mobile:

excellent

Accessibility:

good

SEO:

good

Security Assessment

Security Score:

85/100

Best Practices:

HTTPS enforced
Use of OneTrust for cookie consent
No exposed sensitive data in HTML
Use of Sentry for error monitoring
No visible vulnerable libraries

Analytics & Tracking

Services:

Sentry (error tracking)

Tracking Level:moderate

Privacy Compliance:good

Advertising & Marketing

Tracking Pixels:

OneTrustSentry

Marketing Tools:

OneTrust cookie consentSocial media integrations

Transparency Level:basic

Website Quality Assessment

Design Quality:excellent

User Experience:excellent

Content Relevance:excellent

Navigation Clarity:excellent

Professionalism:excellent

Trustworthiness:high

Key Observations

Website is fully accessible with rich content and interactive 3D models.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

55/100

Score

Critical sector without clear security compliance

HIGH

Detected sectors: energy, transport, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

75/100

Score

Weak DKIM Key

HIGH

DKIM selector 'google' uses 952-bit key

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF

Sender Policy Framework

DKIM

DomainKeys Identified Mail

DMARC

Domain-based Message Authentication

MX Records

Mail Exchange Records

BIMI

Brand Indicators

MTA-STS

Mail Transfer Agent Security

TLS-RPT

TLS Reporting

DNSSEC

DNS Security

SPF Details

Record:

v=spf1 include:_spf.google.com include:spf.discoursehosting.com include:spf.sendinblue.com include:spf-003d3601.pphosted.com -all

DNS Lookups:4/10

Policy:-all

DKIM Selectors Found

Selector:google(952-bit rsa)

Selector:mail(1296-bit rsa)

DMARC Details

Policy:quarantine

Subdomain Policy:quarantine

Aggregate Reports:dmarc_rua@emaildefense.proofpoint.com

Forensic Reports:dmarc_ruf@emaildefense.proofpoint.com

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

82/100

Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

Partial SSL/TLS Assessment

LOW

Completed 3 of 4 security checks due to time constraints

Protocol Support

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Enabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

90/100

Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

Domain Registration Details

Domain Age

13 years(mature)

Expiry Risk

none(570 days)

Protection Level

strongDNSSEC OFF

DNS Records

A Records:108.156.22.84, 108.156.22.112, 108.156.22.40, 108.156.22.21

Name Servers:

ns-1005.awsdns-61.net

ns-1283.awsdns-32.org

ns-15.awsdns-01.com

ns-1716.awsdns-22.co.uk

MX Records:

10: mxa-003d3601.gslb.pphosted.com

10: mxb-003d3601.gslb.pphosted.com

SOA:Serial: 1, TTL: 86400s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:65ms

SPF Analysis

SPF Record:

v=spf1 include:_spf.google.com include:spf.discoursehosting.com include:spf.sendinblue.com include:spf-003d3601.pphosted.com -all

⚡Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100

Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built on a modern technology stack including React, AWS hosting, and integrates multiple third-party services such as PayPal for payments and Vimeo for video content. The site is optimized for fast loading, mobile responsiveness, and accessibility, with comprehensive meta tags and structured data for SEO. The use of OneTrust for cookie consent indicates attention to privacy compliance. Hosting on AWS with multiple DNS servers provides reliability. There is no indication of a traditional CMS, suggesting a custom-built platform tailored for 3D content delivery. Technical risks are minimal, but enabling DNSSEC and improving security headers would further strengthen the infrastructure.

Analyze Another Website

Is sketchfab.com a Scam? Security Check Results - Sketchfab, Inc. Reviews

Is sketchfab.com Safe? Security Analysis for Sketchfab, Inc.

AI Summary

Detected Technologies

🧠AI Business Intelligence

Business Intelligence

Security Posture Analysis

Strategic Recommendations

✨Observations

AI-Enhanced Website Analysis

Business Insights

Technical Stack

Security Assessment

Analytics & Tracking

Advertising & Marketing

Website Quality Assessment

Key Observations

🛡️Security Headers

Security Headers

Weak Strict-Transport-Security configuration

Missing X-Content-Type-Options header

Missing Content-Security-Policy header

Missing Referrer-Policy header

Missing Permissions-Policy header

👤GDPR Compliance

GDPR Compliance

No Data Protection Officer mentioned

Privacy policy may not be GDPR compliant

GDPR Compliance Analysis

🛡️NIS2 Compliance

NIS2 Compliance

No information security framework found

No vulnerability disclosure policy

No security policy documentation found

No incident response procedures found

No business continuity planning found

No security contact information

No vulnerability reporting mechanism

No NIS2 reference found

Critical sector without clear security compliance

📧Email Security

Email Security

Weak DKIM Key

No BIMI Record

No MTA-STS Policy

No TLS-RPT Record

SPF Details

DKIM Selectors Found

DMARC Details

🏆SSL/TLS Security

SSL/TLS Security

Weak Protocols Supported

Certificate Transparency Not Implemented

Partial SSL/TLS Assessment

Protocol Support

OCSP Status

📊DNS Health

DNS Health

DNSSEC Not Enabled

Domain Registration Details

DNS Records

DNSSEC Status

DNS Performance

SPF Analysis

⚡Network Security

Network Security

Good Network Security Posture

🔧Technical Analysis

Technical Analysis

Additional Findings

Related Partner Domains

fab.com

epicgames.com