Public signal leaderboard

SaaS Security Leaderboard

Which SaaS platforms pass NIS2 Article 21 external checks? Public grades for 8 well-known domains: HTTP security headers, DMARC, DNSSEC. Measured from outside, no authentication. Embed the badge on your own site.

€39 Audit Pack Scan my domain free

Domain	Category	Grade
Stripe (stripe.com)	Payment infrastructure	B
GitHub (github.com)	Developer platform	B
Slack (slack.com)	Business messaging	C
Notion (notion.so)	Productivity SaaS	F
HubSpot (hubspot.com)	CRM platform	F
Salesforce (salesforce.com)	Enterprise CRM	F
Shopify (shopify.com)	E-commerce platform	F
Intercom (intercom.io)	Customer messaging	F

About these snapshots

Each page shows 7 publicly-observable signals: HTTP security headers (HSTS, X-Content-Type-Options, X-Frame-Options, CSP, Referrer-Policy), DMARC DNS TXT policy, and DNSSEC. This is what an external observer can measure from outside without authentication. A full NIS2 Article 21 assessment covers far more. Scan your own domain at saasfort.com/scan for the complete 60-check picture.

Check your own domain with 60 checks, not 7

The free scan runs 60 OWASP and NIS2 checks in under 60 seconds. The €39 audit pack adds the dated PDF your auditor or enterprise buyer asks for. No account, no subscription.

Scan my domain free (60s) €39 Audit Pack

Also see: security scan use cases, NIS2 evidence guides.