What is the security status of typeform.com?

typeform.com has a security score of 69/100, rated as Moderate Risk. The website may have security concerns that should be addressed.

Is typeform.com safe to use?

Our security scan shows typeform.com is Moderate Risk. SSL security issues detected. Always practice safe browsing habits.

Does typeform.com have viruses?

Our comprehensive security scan analyzes multiple security factors. Based on the overall security score of 69/100, the website is rated as Moderate Risk. However, websites can change over time, so always use updated security software.

What is typeform.com's trust score?

typeform.com has a security score of 69/100. This score is based on multiple factors including SSL security, security headers, DNS health, and compliance checks.

Is typeform.com Safe? Security Analysis for Typeform

https://typeform.com

Check if typeform.com is a scam or legitimate. Free security scan and reviews.

TechnologyN/alarge

Webflow CMSJavaScriptGoogle Tag ManagerGoogle AnalyticsOneTrust Cookie Consent+4 more

Analyzed 9/5/2025Completed 6:24:45 AM

Security Score

MEDIUM RISK

AI Summary

Typeform is a leading SaaS provider specializing in creating interactive, user-friendly forms and surveys designed to increase response rates without requiring coding skills. Their platform targets businesses and individuals seeking to collect data through quizzes, feedback, lead generation, and research tools. The company maintains a strong market position with a focus on design and user experience, supported by recognized certifications such as SOC 2 Type II and ISO 27001, underscoring their commitment to security and compliance. Technically, Typeform's website leverages modern web technologies including Webflow CMS, JavaScript frameworks, Google Tag Manager, and OneTrust for cookie consent management. The site is optimized for performance, mobile responsiveness, and accessibility, providing a seamless user experience. Their use of multiple analytics and marketing tools indicates a mature digital infrastructure with moderate user tracking balanced by GDPR-compliant privacy mechanisms. From a security perspective, the website enforces HTTPS, employs robust security headers, and integrates consent management tools to comply with privacy regulations. However, the absence of a publicly available security policy or incident response contact channels suggests room for improvement in transparency and readiness. The WHOIS data is unavailable, likely due to privacy protection, which slightly impacts trust but is mitigated by the company's visible certifications and professional presence. Overall, Typeform presents a secure, professional, and user-centric platform with strong privacy compliance and technical maturity. Strategic enhancements in security communication and public incident response mechanisms would further strengthen their security posture and trustworthiness.

Detected Technologies

Webflow CMSJavaScriptGoogle Tag ManagerGoogle AnalyticsOneTrust Cookie ConsentAlgolia SearchUUID libraryLazyLoadOptimizely

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

Typeform operates in the technology sector as a SaaS provider offering interactive form and survey solutions. Their business model focuses on subscription-based services targeting a broad audience including marketers, researchers, and businesses requiring data collection tools. The company benefits from a strong brand presence, consistent content quality, and recognized security certifications, which enhance customer trust. Their marketing ecosystem includes partnerships with major ad networks and analytics providers, supporting growth and customer acquisition. The lack of explicit physical addresses or direct contact details suggests a primarily digital-first operation. Typeform's competitive advantage lies in its user-friendly design and comprehensive feature set, positioning it well in the online form and survey market.

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (1)

u*****@typeform.comMy

Security Posture Analysis

Comprehensive Security Assessment

Typeform demonstrates a mature security posture with enforced HTTPS, comprehensive security headers, and integration of GDPR-compliant cookie consent mechanisms via OneTrust. The presence of SOC 2 Type II and ISO 27001 certifications indicates adherence to industry best practices. However, the absence of a dedicated security policy page and explicit incident response contacts limits transparency and may hinder rapid communication during security events. No vulnerabilities or exposed sensitive data were detected in the website content. The use of multiple third-party scripts necessitates ongoing vigilance to prevent supply chain risks. Overall, the security maturity is high but could be improved by publishing vulnerability disclosure programs and security contact information.

Strategic Recommendations

Priority Actions for Security Improvement

Publish a dedicated security policy and incident response page to improve transparency and user trust.

✨Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Typeform

Description:

Build beautiful, interactive forms — get more responses. No coding needed. Templates for quizzes, research, feedback, lead generation, and more. Sign up FREE.

Key Services:

Interactive form creationSurvey toolsQuizzesLead generationFeedback collection

Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:

Webflow CMSJavaScriptGoogle Tag ManagerGoogle AnalyticsOneTrust Cookie ConsentAlgolia SearchUUID libraryLazyLoadOptimizely

Frameworks:

Webflow

Platforms:

Web

Performance:

fast

Mobile:

excellent

Accessibility:

good

SEO:

good

Security Assessment

Security Score:

90/100

Best Practices:

HTTPS enforced
Use of OneTrust for GDPR cookie consent
No exposed sensitive data in HTML
Secure script loading with async and defer
No inline event handlers detected

Analytics & Tracking

Services:

Google AnalyticsGoogle Tag ManagerOptimizely

Tracking Level:moderate

Privacy Compliance:good

Advertising & Marketing

Ad Networks:

Google Ads

Tracking Pixels:

Optimizely

Marketing Tools:

Optimizely

Transparency Level:good

Website Quality Assessment

Design Quality:excellent

User Experience:excellent

Content Relevance:excellent

Navigation Clarity:excellent

Professionalism:excellent

Trustworthiness:high

Key Observations

Website is fully accessible with no blocking or WAF challenges.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

15/100

Score

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

85/100

Score

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF

Sender Policy Framework

DKIM

DomainKeys Identified Mail

DMARC

Domain-based Message Authentication

MX Records

Mail Exchange Records

BIMI

Brand Indicators

MTA-STS

Mail Transfer Agent Security

TLS-RPT

TLS Reporting

DNSSEC

DNS Security

SPF Details

Record:

v=spf1 include:mail.zendesk.com include:_spf.google.com include:mailgun.org include:sendgrid.net ip4:136.143.188.0/24 ip4:135.84.80.0/24 ip4:135.84.82.0/24 ip4:117.20.43.11/32 ip4:136.143.184.0/24 ip4:13.108.0.0/14 ip4:66.231.80.0/20 ip4:68.232.192.0/20 ip4:96.43.144.0/20 ip4:128.17.0.0/16 ip4:128.245.0.0/16 ip4:136.146.0.0/15 ip4:198.245.80.0/20 ip4:199.122.120.0/21 ip4:204.14.232.0/21 ip4:34.226.36.48/28 ip4:34.211.108.32/28 ip4:13.58.135.64/28 ip4:13.56.32.176/28 ip4:35.182.14.32/28 ip4:52.60.248.0/22 ip4:52.60.252.0/22 ip4:3.98.2.135/32 ip4:3.98.8.160/32 ip4:3.97.226.192/32 ip4:13.210.4.0/22 ip4:13.210.8.0/22 ip4:13.210.180.120/32 ip4:13.238.98.67/32 ip4:54.252.37.181/32 ip4:3.6.203.25/32 ip4:13.127.212.138/32 ip4:15.206.226.165/32 ip4:15.207.181.18/32 ip4:15.207.182.186/32 ip4:65.0.79.252/32 ip4:3.225.240.254/32 ip4:18.204.28.162/32 ip4:18.214.12.209/32 ip4:34.202.86.120/32 ip4:34.204.111.166/32 ip4:52.44.156.44/32 ip4:44.233.69.21/32 ip4:44.237.79.66/32 ip4:52.36.20.11/32 ip4:35.80.213.208/32 ip4:35.161.141.162/32 ip4:44.234.249.148/32 ip4:85.222.128.0/19 ip4:159.92.128.0/17 ip4:160.8.0.0/16 ip4:161.71.0.0/17 ip4:163.76.128.0/17 ip4:163.79.128.0/17 ip4:185.79.140.0/22 ip4:34.253.190.64/28 ip4:35.158.127.48/28 ip4:35.176.92.16/28 ip4:13.36.84.96/28 ip4:13.50.68.64/28 ip4:13.37.59.29/32 ip4:15.236.110.244/32 ip4:15.236.160.173/32 ip4:101.53.160.0/19 ip4:104.161.128.0/17 ip4:161.32.64.0/18 ip4:161.32.128.0/17 ip4:161.71.128.0/17 ip4:182.50.76.0/22 ip4:202.129.242.0/23 ip4:13.113.196.48/28 ip4:13.228.64.80/28 ip4:13.124.145.0/28 ip4:13.126.23.64/28 ip4:13.210.3.208/28 ip4:13.215.171.240/28 ip4:35.73.89.117/32 ip4:18.181.43.11/32 ip4:54.95.206.252/32 ip4:54.254.118.123/32 ip4:13.251.9.241/32 ip4:13.250.175.171/32 ip4:54.233.205.0/28 ip4:177.71.229.247/32 ip4:18.228.66.156/32 ip4:18.228.207.180/32 ip4:54.89.46.80/32 ip4:18.208.102.98/32 ip4:35.170.128.37/32 ip4:34.252.232.69/32 ip4:52.212.177.196/32 -all

DNS Lookups:4/10

Policy:-all

DKIM Selectors Found

Selector:google(1392-bit rsa)

Selector:s1(1440-bit rsa)

DMARC Details

Policy:reject

Subdomain Policy:reject

Aggregate Reports:reports@dmarc-report.typeform.com

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

90/100

Score

Mixed Content Detected

MEDIUM

1 resources loaded over insecure HTTP

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject:*.typeform.com

Issuer:Amazon RSA 2048 M04

Valid Until:7/27/2026 (325 days)

SANs:*.typeform.com, typeform.com

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

70/100

Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

Potential Subdomain Takeover

HIGH

Subdomain staging.typeform.com points to unregistered service d1o7hancqope1k.cloudfront.net

Domain Registration Details

Domain Age

23 years(mature)

Expiry Risk

none(3209 days)

Protection Level

strongDNSSEC OFF

DNS Records

A Records:3.164.206.36, 3.164.206.35, 3.164.206.95, 3.164.206.9

Name Servers:

ns-14.awsdns-01.com

ns-1444.awsdns-52.org

ns-1725.awsdns-23.co.uk

ns-788.awsdns-34.net

MX Records:

10: aspmx3.googlemail.com

10: aspmx2.googlemail.com

5: alt1.aspmx.l.google.com

5: alt2.aspmx.l.google.com

1: aspmx.l.google.com

SOA:Serial: 1, TTL: 86400s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:52ms

SPF Analysis

SPF Record:

⚡Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100

Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built on Webflow CMS with a modern JavaScript-based tech stack including libraries for localization, lazy loading, and tracking. It uses Google Tag Manager and Google Analytics for marketing and analytics, alongside Optimizely for experimentation. The site is well-optimized for performance and mobile responsiveness, with proper use of meta tags and SEO best practices. Cookie consent is managed via OneTrust, ensuring GDPR compliance. Hosting appears to be via Webflow or associated CDNs, providing reliable uptime and fast content delivery. The technical implementation reflects a mature and well-maintained infrastructure suitable for a large SaaS provider.

Analyze Another Website

Is typeform.com a Scam? Security Check Results - Typeform Reviews

Is typeform.com Safe? Security Analysis for Typeform

AI Summary

Detected Technologies

🧠AI Business Intelligence

Business Intelligence

Extracted Contact Information

Email Addresses (1)

Security Posture Analysis

Strategic Recommendations

✨Observations

AI-Enhanced Website Analysis

Business Insights

Technical Stack

Security Assessment

Analytics & Tracking

Advertising & Marketing

Website Quality Assessment

Key Observations

🛡️Security Headers

Security Headers

Missing Strict-Transport-Security header

Missing X-Frame-Options header

Missing X-Content-Type-Options header

Missing Content-Security-Policy header

Missing X-XSS-Protection header

Missing Referrer-Policy header

Missing Permissions-Policy header

Sensitive data may be cached

👤GDPR Compliance

GDPR Compliance

Privacy policy may not be GDPR compliant

GDPR Compliance Analysis

🛡️NIS2 Compliance

NIS2 Compliance

No information security framework found

No vulnerability disclosure policy

No security policy documentation found

No incident response procedures found

No business continuity planning found

No security contact information

No vulnerability reporting mechanism

No NIS2 reference found

📧Email Security

Email Security

No BIMI Record

No MTA-STS Policy

No TLS-RPT Record

SPF Details

DKIM Selectors Found

DMARC Details

🏆SSL/TLS Security

SSL/TLS Security

Mixed Content Detected

Partial SSL/TLS Assessment

Certificate Details

OCSP Status

📊DNS Health

DNS Health

DNSSEC Not Enabled

Potential Subdomain Takeover

Domain Registration Details

DNS Records

DNSSEC Status

DNS Performance

SPF Analysis

⚡Network Security

Network Security

Good Network Security Posture

🔧Technical Analysis

Technical Analysis

Additional Findings