Skip to main content

Is whistleb.com a Scam? Security Check Results - NAVEX Global, Inc. Reviews

whistleb.com favicon

Is whistleb.com Safe? Security Analysis for NAVEX Global, Inc.

https://whistleb.com

Check if whistleb.com is a scam or legitimate. Free security scan and reviews.

TechnologyUnited Kingdomenterprise
JavaScriptGoogle Tag ManagerWistia video embedsMarketo formsTrustArc consent management+4 more
Analyzed 7/30/2025Completed 8:42:19 PM
75
Security Score
MEDIUM RISK

AI Summary

NAVEX Global, Inc. operates a comprehensive whistleblowing and compliance platform, WhistleB, targeting organizations seeking to implement or scale speak-up programs efficiently, particularly within the European regulatory landscape. The company positions itself as a trusted enterprise-grade provider with a strong focus on compliance with global and EU whistleblowing regulations. Their offerings include secure, fast, and compliant whistleblowing systems with multi-language support and incident management capabilities. Technically, the website leverages modern JavaScript frameworks and integrates multiple analytics and marketing tools such as Google Tag Manager, Microsoft Clarity, Optimizely, and Marketo, indicating a mature digital infrastructure. The site is well-optimized for performance, mobile responsiveness, and accessibility, providing a seamless user experience. From a security perspective, NAVEX demonstrates strong practices including HTTPS enforcement, data storage within the EU, encrypted communications, and multi-factor authentication. However, explicit security headers and a public security policy or vulnerability disclosure page are not evident, representing areas for improvement. Overall, the website and business present a low-risk profile with strong trust indicators, professional content, and compliance alignment. The absence of WHOIS data is noted but does not detract significantly from the legitimacy given the company's market presence and detailed compliance documentation.

Detected Technologies

JavaScriptGoogle Tag ManagerWistia video embedsMarketo formsTrustArc consent managementMicrosoft ClarityOptimizelyQualifiedCalibermind analytics

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

NAVEX Global is positioned as a leading provider in the governance, risk, and compliance (GRC) technology sector, focusing on whistleblowing and incident management solutions. Their business model is B2B SaaS, serving large enterprises and organizations with complex compliance needs. The company leverages a broad partnership and customer ecosystem, supporting over 13,000 organizations globally. Revenue streams likely include subscription plans (Core, Pro, Premium) and professional services such as consulting and implementation support. NAVEX's competitive advantage lies in its compliance expertise, multi-language support, and rapid deployment capabilities. The company maintains a strong brand presence with consistent messaging and extensive resource offerings, supporting customer education and engagement.

Extracted Contact Information

Marketing Intelligence Data

Phone Numbers (1)

+4402089******

Security Posture Analysis

Comprehensive Security Assessment

NAVEX exhibits a mature security posture with key strengths including encrypted data storage in the EU, SOC 2 Type II certification, and secure communication channels. The platform supports two-factor authentication and layered user authorization, enhancing access control. No immediate vulnerabilities or exposed sensitive data were detected in the website content. However, the absence of explicit security headers (e.g., CSP, HSTS) and a public incident response or vulnerability disclosure policy suggests room for enhancement in transparency and defense-in-depth. Compliance with GDPR is well-documented, and consent management is actively implemented. Overall, NAVEX demonstrates readiness to protect customer data and maintain regulatory compliance, though formalizing additional security policies would strengthen their posture.

Strategic Recommendations

Priority Actions for Security Improvement

1

Implement and publish comprehensive security headers such as Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and X-Frame-Options to enhance browser security.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

NAVEX Global, Inc.

Description:

Start up or scale a speak-up program in days, not months with NAVEX WhistleB.

Key Services:
Whistleblowing system (WhistleB)Incident managementCompliance software bundlesEthics & compliance trainingPolicy & procedure managementRisk & governance solutions
Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:
JavaScriptGoogle Tag ManagerWistia video embedsMarketo formsTrustArc consent managementMicrosoft ClarityOptimizelyQualifiedCalibermind analytics
Performance:

fast

Mobile:

excellent

Accessibility:

good

SEO:

good

Security Assessment

Security Score:
85/100
Best Practices:
  • HTTPS enforced
  • Two-factor authentication for admin users
  • Data stored securely in EU
  • Encrypted communication channels
  • Multi-factor authentication and layered user authorization

Analytics & Tracking

Services:
Microsoft ClarityGoogle Tag ManagerOptimizelyQualifiedCalibermind
Tracking Level:moderate
Privacy Compliance:good

Advertising & Marketing

Tracking Pixels:
Microsoft ClarityOptimizelyQualifiedCalibermind
Marketing Tools:
MarketoTrustArc Consent Management
Transparency Level:good

Website Quality Assessment

Design Quality:excellent
User Experience:excellent
Content Relevance:excellent
Navigation Clarity:excellent
Professionalism:excellent
Trustworthiness:high

Key Observations

1

Website is fully accessible with rich content and multimedia

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

30/100
Score

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

80/100
Score

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

No Data Protection Officer mentioned

LOW

Large organizations may need to designate a DPO under GDPR

GDPR Compliance Analysis

Privacy Policy85% confidence
Cookie Policy85% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

47/100
Score

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

95/100
Score

Complex SPF record

LOW

Too many include statements can cause lookup limits

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security
SPF Details
Record:
v=spf1 ip4:38.134.235.29 ip4:38.114.109.154 ip4:168.215.128.118 ip4:168.215.128.115 ip4:168.215.128.126 include:spfa.navexglobal.com exists:%{i}._spf.mta.salesforce.com include:mktomail.com include:spf.protection.outlook.com ip4:209.34.66.1 ip4:209.34.91.104 ip4:83.138.167.180/30 ip4:3.215.160.32 ip4:18.195.100.228 ip4:149.137.197.20 ip4:67.231.158.158 ip4:67.231.151.29 ip4:67.231.152.177 ip4:208.84.65.220 a:spf.keysurvey.com include:mailsenders.netsuite.com include:spfa.mailendo.com -all
DNS Lookups:7/10
Policy:-all
DKIM Selectors Found
Selector:selector1(1416-bit rsa)
Selector:selector2(1416-bit rsa)
DMARC Details
Policy:reject
Aggregate Reports:c605fb65@mxtoolbox.dmarc-report.com
Forensic Reports:c605fb65@forensics.dmarc-report.com
MTA-STS Details

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

75/100
Score

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 59 days

Weak SSL Key Length

HIGH

SSL certificate uses 256-bit key, which is considered weak

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject:www.navex.com
Issuer:E6
Valid Until:9/28/2025 (59 days)
SANs:www.navex.com

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

85/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

DNS Records

A Records:38.114.109.32
Name Servers:
ns-119.awsdns-14.comDNS only
ns-1504.awsdns-60.orgDNS only
ns-1789.awsdns-31.co.ukDNS only
ns-721.awsdns-26.netDNS only
MX Records:
0: navex-com.mail.protection.outlook.com

DNSSEC Status

DNSSEC Not Enabled

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website employs a modern and diverse technology stack including JavaScript modules, third-party analytics, marketing automation (Marketo), and consent management (TrustArc). Video content is delivered via Wistia, enhancing engagement. The site is well-structured with semantic HTML and includes SEO-friendly metadata and JSON-LD structured data for products. Performance is optimized with deferred script loading and responsive design. Accessibility considerations are evident, though further ARIA enhancements could be beneficial. Hosting details are not explicit but the use of global CDNs and secure HTTPS indicates a robust infrastructure. Opportunities exist to further modernize security configurations and improve WHOIS transparency.
Analyze Another Website