NodeLink / Posture Scanner
Scan results

cloudfare.com

5/2/2026, 7:56:33 PM
89/100
Risk score
Good

Issues to address (2)

Header: content-security-policy

web
Medium

CSP restricts which sources of scripts, styles, and other content the browser will load — the strongest defense against XSS.

Fix: Define a CSP appropriate to your site. Start with: Content-Security-Policy: default-src 'self'; then refine.

CAA records

dns
Low

No CAA records published. CAA records restrict which Certificate Authorities can issue certificates for your domain, reducing the risk of mis-issuance.

Fix: Publish CAA records naming the CAs you use, e.g. 0 issue "letsencrypt.org" and 0 issue "digicert.com".

Passed checks (13)

Port scan summary

ports
Info

Checked 12 common ports on 172.67.211.231. Open: 80/HTTP, 443/HTTPS.

SPF record

email
Pass

SPF record is present and uses an enforcing policy.

DMARC policy

email
Pass

DMARC is published with a strict reject policy.

DKIM detection

email
Pass

DKIM key detected at selector(s): google, selector2, k1, s2, mail, s1, default, selector1.

MX records

email
Pass

MX records present (4). Mail will be routed to mailstream-canary.mxrecord.io.

Nameserver redundancy

dns
Pass

2 nameservers configured.

TLS certificate

tls
Pass

Valid certificate issued by WE1, expires in 33 days. Protocol: TLSv1.3.

Header: strict-transport-security

web
Pass

strict-transport-security is set.

Header: x-frame-options

web
Pass

x-frame-options is set.

Header: x-content-type-options

web
Pass

x-content-type-options is set.

Header: referrer-policy

web
Pass

referrer-policy is set.

Header: permissions-policy

web
Pass

permissions-policy is set.

HTTP → HTTPS redirect

web
Pass

HTTP requests redirect to HTTPS.