Executive Summary
High-level findings and risk assessment for houstons.tech
houstons.tech demonstrates a bifurcated security posture: email authentication is well-configured with SPF hardfail and DMARC reject policy, while web security hardening is critically absent. Zero security headers are present — no HSTS, CSP, X-Frame-Options, or any other protective headers — leaving the site vulnerable to clickjacking, XSS, and MIME-type attacks. HTTP-to-HTTPS enforcement is not configured, meaning visitors accessing via HTTP receive no redirect. DNSSEC is enabled (commendable for a .tech domain), but CAA records are missing. The 18 subdomains discovered via Certificate Transparency represent a broad attack surface. Forward Email provides MX services with proper SPF and DMARC, though no DKIM selectors were found under the domain and STARTTLS was not offered during SMTP testing. The Cloudflare WAF provides some implicit protection, but explicit security header configuration is essential for defense-in-depth.
HST-002: Enable Always Use HTTPS in Cloudflare — eliminates plaintext HTTP exposure (1 minute)
HST-005: Enable HSTS via Cloudflare SSL/TLS dashboard — prevents SSL stripping attacks (2 minutes)
| ID | Finding | Severity | Status |
|---|---|---|---|
HST-001 | No Security Headers Configured (0/9) | Critical | Open |
HST-002 | HTTP to HTTPS Redirect Not Enforced | High | Open |
HST-003 | No DKIM Records Found | High | Open |
HST-004 | SMTP STARTTLS Not Available on MX | High | Open |
HST-005 | No HSTS Header — First-Visit MITM Vulnerability | High | Open |
HST-006 | No Content Security Policy (CSP) | High | Open |
HST-007 | MTA-STS Record Exists But Policy Not Enforced | Medium | Open |
HST-008 | No CAA Records Configured | Medium | Open |
HST-009 | No Sitemap.xml Available | Medium | Open |
HST-010 | No security.txt Disclosure Policy | Medium | Open |
HST-011 | Cloudflare SSL Handshake Failure (HTTP 525) | Medium | Open |
HST-012 | Single DNS Provider (No NS Diversity) | Low | Open |
HST-013 | No DANE/TLSA Records | Low | Open |
HST-014 | No BIMI Record Configured | Low | Open |
HST-015 | 18 Subdomains Discovered via Certificate Transparency | Info | Open |
HST-016 | AI Crawler Blocks Properly Configured | Info | Open |
HST-017 | Strong TLS Configuration — TLS 1.3 with PFS | Info | Open |
HST-018 | SPF Hardfail + DMARC Reject — Strong Email Authentication | Info | Open |
HST-019 | DNSSEC Enabled | Info | Open |
HST-020 | Clean Blacklist Status — All Lists Clear | Info | Open |
Assessment Scope
What was tested, how, and what limitations apply
In Scope
- ✓ DNS records & configuration
- ✓ Email authentication (SPF, DKIM, DMARC, MTA-STS, TLS-RPT, DANE)
- ✓ HTTP security headers
- ✓ SSL/TLS configuration
- ✓ DNSBL / blacklist checking
- ✓ SMTP analysis
- ✓ OSINT & historical intelligence
- ✓ Compliance framework alignment
Out of Scope
- ✗ Application security testing
- ✗ Penetration testing
- ✗ Source code review
- ✗ Social engineering
- ✗ Internal network assessment
This assessment was performed using publicly available information only. No intrusive testing was conducted. Scan timestamp: 2026-03-05T15:02:54Z. Mode: Deep Scan + Crawl.
Detailed Findings
20 findings identified, sorted by severity.
No Security Headers Configured (0/9)
The web server returns zero security headers. None of the nine standard security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, X-XSS-Protection, Cross-Origin-Opener-Policy, Cross-Origin-Resource-Policy) are present. This is the single largest gap in the security posture.
Evidence
HTTP response headers contain no security headers. Header score: F (0/9 present).
Remediation
Add security headers via Cloudflare Transform Rules or _headers file: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'none' X-Frame-Options: DENY X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Permissions-Policy: camera=(), microphone=(), geolocation=() Cross-Origin-Opener-Policy: same-origin
HTTP to HTTPS Redirect Not Enforced
Accessing http://houstons.tech does not redirect to HTTPS. Visitors entering the URL without the protocol prefix will connect over unencrypted HTTP, exposing them to man-in-the-middle attacks, session hijacking, and content injection.
Evidence
Redirect chain test: http://houstons.tech → no redirect. httpsEnforced: false. Only 1 hop in chain with null status.
Remediation
Enable 'Always Use HTTPS' in Cloudflare SSL/TLS settings, or add a Page Rule: Match: http://*houstons.tech/* Action: Always Use HTTPS
No DKIM Records Found
No DKIM (DomainKeys Identified Mail) DNS records were found after checking 20 common selectors. Without DKIM, recipients cannot verify that emails from houstons.tech have not been tampered with in transit. This weakens the email authentication triad despite strong SPF and DMARC configuration.
Evidence
DKIM check: found=false, selectorsChecked=20, foundSelectors=[]. Selectors checked include: google, s1, s2, selector1, selector2, default, fe-{1..4}, protonmail, etc.Remediation
Configure DKIM with Forward Email: 1. Log into Forward Email dashboard 2. Navigate to Domain Settings → DKIM 3. Copy the DKIM TXT record (typically selector 'fe' or 'default') 4. Add as TXT record in Cloudflare DNS: fe._domainkey.houstons.tech → v=DKIM1; k=rsa; p=... 5. Verify with: dig TXT fe._domainkey.houstons.tech
SMTP STARTTLS Not Available on MX
The primary MX server (mx1.forwardemail.net) did not offer STARTTLS during SMTP handshake testing. Without STARTTLS, email transmitted to houstons.tech may traverse the internet in plaintext, exposing message contents to interception.
Evidence
SMTP test to mx1.forwardemail.net: starttls=false, requiretls=false. EHLO response did not include STARTTLS capability. Banner: '220 mx1.forwardemail.net ESMTP'.
Remediation
This is a Forward Email configuration issue. Verify Forward Email's STARTTLS support: 1. Check Forward Email dashboard for TLS settings 2. Contact Forward Email support if STARTTLS is not being advertised 3. Consider testing from multiple locations (ISP may strip STARTTLS advertisement) 4. MTA-STS enforcement (HST-007) provides fallback protection
No HSTS Header — First-Visit MITM Vulnerability
HTTP Strict Transport Security (HSTS) is not configured. Without HSTS, browsers will not automatically upgrade connections to HTTPS, leaving users vulnerable to SSL stripping attacks on first visit and after cache expiry.
Evidence
HSTS header: exists=false, maxAge=0, includeSubDomains=false, preload=false. HSTS preload list status: unknown/not preloaded.
Remediation
Add HSTS header via Cloudflare: 1. SSL/TLS → Edge Certificates → Enable HSTS 2. Set max-age to 31536000 (1 year) 3. Enable includeSubDomains 4. After stable period, submit to hstspreload.org Or via _headers file: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
No Content Security Policy (CSP)
No Content-Security-Policy header is configured. CSP is the primary defense against Cross-Site Scripting (XSS) and data injection attacks. Without it, any injected scripts can execute unrestricted and exfiltrate data to arbitrary origins.
Evidence
CSP analysis: raw=null, directives=[], missingDirectives=[].
Remediation
Implement a strict CSP via Cloudflare Transform Rules or _headers: Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self' Start with Content-Security-Policy-Report-Only to test without breaking functionality.
MTA-STS Record Exists But Policy Not Enforced
An MTA-STS DNS record exists (v=STSv1; id=20260205T000000) but the policy mode could not be retrieved or is not set to 'enforce'. MTA-STS prevents TLS downgrade attacks on email delivery — without enforcement, attackers can strip TLS from SMTP connections.
Evidence
MTA-STS record: 'v=STSv1; id=20260205T000000'. Policy mode: null (policy file at /.well-known/mta-sts.txt may be inaccessible or mode not set to enforce).
Remediation
1. Ensure /.well-known/mta-sts.txt is accessible at https://mta-sts.houstons.tech/.well-known/mta-sts.txt 2. Set policy to enforce: version: STSv1 mode: enforce mx: mx1.forwardemail.net mx: mx2.forwardemail.net max_age: 86400 3. Update DNS record ID after changes
No CAA Records Configured
No Certificate Authority Authorization (CAA) DNS records are present. CAA restricts which CAs can issue certificates for the domain, preventing unauthorized certificate issuance. Without CAA, any CA can issue certificates for houstons.tech.
Evidence
CAA DNS query returned empty result: caa=[].
Remediation
Add CAA records in Cloudflare DNS: houstons.tech. CAA 0 issue "letsencrypt.org" houstons.tech. CAA 0 issue "pki.goog" houstons.tech. CAA 0 issuewild "letsencrypt.org" houstons.tech. CAA 0 issuewild "pki.goog" houstons.tech. CAA 0 iodef "mailto:security@houstons.tech"
No Sitemap.xml Available
No sitemap.xml was found at the standard location. While primarily an SEO concern, sitemaps also help security assessors understand site structure and identify unlinked content that may be inadvertently exposed.
Evidence
Sitemap accessible: false. Crawl returned only 1 page with HTTP 525 (SSL Handshake Failed). sitemap.xml URL count: 0.
Remediation
Create a sitemap.xml at the root: <?xml version="1.0" encoding="UTF-8"?> <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"> <url><loc>https://houstons.tech/</loc></url> </urlset> Deploy alongside the static site.
No security.txt Disclosure Policy
No security.txt file exists at /.well-known/security.txt (RFC 9116). This file provides security researchers with a standardized way to report vulnerabilities. Its absence may delay responsible disclosure of discovered issues.
Evidence
securityTxt: null.
Remediation
Create /.well-known/security.txt: Contact: mailto:security@houstons.tech Expires: 2027-03-05T00:00:00.000Z Preferred-Languages: en Canonical: https://houstons.tech/.well-known/security.txt
Cloudflare SSL Handshake Failure (HTTP 525)
The site crawler received HTTP 525 (SSL Handshake Failed) when accessing houstons.tech. This Cloudflare-specific error indicates the SSL handshake between Cloudflare's edge and the origin server failed. This may cause intermittent access failures for visitors.
Evidence
Crawl result: https://houstons.tech/ → status 525. Title: null. Links found: 0.
Remediation
Check Cloudflare SSL/TLS settings: 1. Ensure SSL mode is 'Full (Strict)' if origin has a valid cert, or 'Flexible' for Pages sites 2. If using Cloudflare Pages: verify custom domain is properly linked 3. Check origin server cert is valid and matches the domain 4. Review Cloudflare Analytics → SSL errors for frequency
Single DNS Provider (No NS Diversity)
Both nameservers (eleanor.ns.cloudflare.com, watson.ns.cloudflare.com) are operated by Cloudflare. While Cloudflare's anycast infrastructure provides redundancy, a provider-level outage or account compromise would affect all DNS resolution.
Evidence
NS diversity: diverse=false, providers=['cloudflare.com']. NS count: 2.
Remediation
This is generally acceptable for Cloudflare-hosted domains due to their anycast architecture. For critical infrastructure, consider secondary DNS via Cloudflare's multi-provider DNS feature or a secondary NS from another provider.
No DANE/TLSA Records
No DANE (DNS-based Authentication of Named Entities) TLSA records are configured. DANE binds X.509 certificates to DNS via DNSSEC, providing an additional layer of certificate verification. Since DNSSEC is enabled, DANE would be effective.
Evidence
DANE records: [].
Remediation
Add TLSA records for the MX servers: _25._tcp.mx1.forwardemail.net. TLSA 3 1 1 <SHA-256 hash of MX cert> Note: DANE requires DNSSEC (already enabled) and MX provider support.
No BIMI Record Configured
No BIMI (Brand Indicators for Message Identification) record is configured. BIMI displays the brand logo in supporting email clients when DMARC passes, improving brand recognition and email trust.
Evidence
BIMI record: empty.
Remediation
After resolving DKIM (HST-003), implement BIMI: 1. Create SVG logo (Tiny 1.2 profile) 2. Add DNS record: default._bimi.houstons.tech TXT "v=BIMI1; l=https://houstons.tech/brand/logo.svg" 3. Optional: Obtain VMC (Verified Mark Certificate) for Gmail display
18 Subdomains Discovered via Certificate Transparency
Certificate Transparency logs reveal 18 distinct subdomains for houstons.tech. This provides a comprehensive view of the infrastructure footprint. Notable subdomains include development (dev.intro), infrastructure (infra, pve-dev, udm), application (domains, projects, license, opsis), and utility (link, parking, status) services.
Evidence
CT subdomains: akerasky, dev.intro, domains, infra, intro, iphone, libby, license, link, openpgpkey, opsis, parking, projects, projectsboard, pve-dev, status, testing, udm.
Remediation
Review each subdomain: - Verify all are intentional and actively used - Ensure development/testing subdomains (dev.intro, testing, pve-dev) are not publicly accessible - Remove DNS records for decommissioned subdomains to prevent subdomain takeover - Consider wildcard certs to reduce CT log exposure
AI Crawler Blocks Properly Configured
The robots.txt file uses Cloudflare's managed content signals to block AI training crawlers (ClaudeBot, GPTBot, Google-Extended, Bytespider, CCBot, Amazonbot, Applebot-Extended, meta-externalagent) while allowing search indexing. Content-Signal header indicates search=yes, ai-train=no.
Evidence
robots.txt: Content-Signal: search=yes,ai-train=no. 8 AI-specific User-agent blocks with Disallow: /. EU Directive 2019/790 Article 4 express rights reservation included.
Remediation
No action required. The AI content signal configuration is well-implemented with proper legal references.
Strong TLS Configuration — TLS 1.3 with PFS
TLS configuration is strong: TLS 1.3 is available as the primary protocol, TLS 1.2 is supported for compatibility, and legacy protocols (TLS 1.0/1.1) are properly rejected. Perfect Forward Secrecy (PFS) is enabled with AES-256 cipher.
Evidence
TLS 1.3: supported=true, TLS 1.2: supported=true, TLS 1.1: supported=false, TLS 1.0: supported=false. PFS: true. Cipher: Aes256. Protocol: Tls13. Certificate: Google Trust Services WE1, expires 2026-05-18.
Remediation
No action required. TLS configuration meets best practices.
SPF Hardfail + DMARC Reject — Strong Email Authentication
Email authentication is configured with best-practice policies: SPF uses -all (hardfail) qualifier with Forward Email and PowerSPF includes, and DMARC is set to p=reject with 100% enforcement and aggregate reporting configured.
Evidence
SPF: v=spf1 include:rdesxp47we.powerspf.com include:spf.forwardemail.net -all. DMARC: v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-692e36ea0f7dae52633f3085@forwardemail.net.
Remediation
No action required. SPF and DMARC configuration is exemplary.
DNSSEC Enabled
DNSSEC is enabled for houstons.tech, providing cryptographic authentication of DNS responses. This prevents DNS spoofing and cache poisoning attacks, and is a prerequisite for DANE.
Evidence
DNSSEC: enabled=true.
Remediation
No action required. DNSSEC is properly configured.
Clean Blacklist Status — All Lists Clear
The domain and associated IP addresses are not listed on any checked DNS blacklists (Spamhaus ZEN, SpamCop, Barracuda, SORBS, CBL) or domain reputation lists (Spamhaus DBL, URIBL, SURBL).
Evidence
IP blacklists: 5/5 clean (zen.spamhaus.org, bl.spamcop.net, b.barracudacentral.org, dnsbl.sorbs.net, cbl.abuseat.org). Domain blacklists: 4/4 clean (dbl.spamhaus.org, multi.uribl.com, multi.surbl.org, black.uribl.com).
Remediation
No action required. Domain reputation is clean.
Risk Matrix
Findings plotted by likelihood and impact
Compliance & Framework Assessment
Alignment against 9 industry frameworks
No compliance data available.
Email Security Deep Dive
SPF, DKIM, DMARC, MTA-STS, TLS-RPT, DANE, and BIMI analysis
| Protocol | Status | Details |
|---|---|---|
| SPF | Found | v=spf1 include:rdesxp47we.powerspf.com include:spf.forwardemail.net -allQualifier: hardfail |
| DKIM | Not Found | Checked 20 selectors |
| DMARC | Found | v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-692e36ea0f7dae52633f3085@forwardemail.net;Policy: reject |
| MTA-STS | Missing | v=STSv1; id=20260205T000000; |
| TLS-RPT | Configured | v=TLSRPTv1; rua=mailto:tls-rpt@forwardemail.net |
| DANE/TLSA | Not Found | No TLSA records |
| BIMI | Not Found | No BIMI record |
SPF Mechanism Analysis
include:rdesxp47we.powerspf.cominclude:spf.forwardemail.net-allDNS & Domain Infrastructure
Nameservers, records, and DNSSEC status
| Record Type | Value |
|---|---|
| NS | eleanor.ns.cloudflare.com watson.ns.cloudflare.com |
| MX | 10 mx1.forwardemail.net 20 mx2.forwardemail.net |
| A | 172.67.179.12 104.21.51.107 |
| AAAA | 2606:4700:3034::6815:336b 2606:4700:3036::ac43:b30c |
| SOA | eleanor.ns.cloudflare.com dns.cloudflare.com 2398106838 |
| CAA | |
| DNSSEC | Enabled |
Infrastructure Geolocation
| IP | Location | ISP / Org |
|---|---|---|
| 172.67.179.12 | Toronto, Canada | Cloudflare, Inc. |
| 104.21.51.107 | Toronto, Canada | Cloudflare, Inc. |
DNS Quality Metrics
Nameserver diversity, propagation, and configuration health
DNS Propagation Check
DNS resolution is consistent across global resolvers.
| Resolver | Results |
|---|---|
| Google 8.8.8.8 | 104.21.51.107,172.67.179.12 |
| Cloudflare 1.1.1.1 | 104.21.51.107,172.67.179.12 |
| Quad9 9.9.9.9 | 104.21.51.107,172.67.179.12 |
| OpenDNS 208.67.222.222 | 104.21.51.107,172.67.179.12 |
TTL Values
| Record Type | TTL (seconds) |
|---|---|
| A | 137 |
| MX | 299 |
| NS | 3599 |
HTTP Security Headers
Analysis of security-related HTTP response headers
| Header | Status | Value |
|---|---|---|
| Strict-Transport-Security | Missing | — |
| Content-Security-Policy | Missing | — |
| X-Frame-Options | Missing | — |
| X-Content-Type-Options | Missing | — |
| Referrer-Policy | Missing | — |
| Permissions-Policy | Missing | — |
| X-XSS-Protection | Missing | — |
| Cross-Origin-Opener-Policy | Missing | — |
| Cross-Origin-Resource-Policy | Missing | — |
| Cross-Origin-Embedder-Policy | Missing | — |
| Cache-Control | Missing | — |
| Server | Missing | — |
Cookie, CORS & Web Security
Cookie flags, CORS policy, mixed content, and CSP analysis
CORS Policy
Access-Control-Allow-Origin: Not set
CSP Analysis
{
"directives": [],
"raw": null,
"missingDirectives": []
}Blacklist & Email Reputation
DNSBL and domain reputation checks
The DNS resolver is blocking DNSBL queries. Blacklist results below may be unreliable.
IP Blacklist Checks
| DNSBL | Status |
|---|---|
| zen.spamhaus.org | Clean |
| bl.spamcop.net | Clean |
| b.barracudacentral.org | Clean |
| dnsbl.sorbs.net | Clean |
| cbl.abuseat.org | Clean |
Domain Blacklist Checks
| DNSBL | Status |
|---|---|
| dbl.spamhaus.org | Clean |
| multi.uribl.com | Clean |
| multi.surbl.org | Clean |
| black.uribl.com | Clean |
MITM Attack Surface
Man-in-the-Middle resistance across web and email channels
TLS Version Support
| Version | Supported | Status |
|---|---|---|
| TLSv1 | No | OK |
| TLSv1.1 | No | OK |
| TLSv1.2 | Yes | OK |
| TLSv1.3 | Yes | OK |
HTTP → HTTPS Redirect Chain
HTTP requests are not redirected to HTTPS.
| Hop | URL | Status |
|---|---|---|
| 1 | http://houstons.tech | HTTP |
SMTP Analysis
Mail server banner, capabilities, and encryption
| Check | Result |
|---|---|
| Banner | 220 mx1.forwardemail.net ESMTP |
| EHLO Capabilities | mx1.forwardemail.net Nice to meet you, [[scanner-ip]] |
| STARTTLS | Not Supported |
| PTR Record | mx1.forwardemail.net |
OSINT & Historical Intelligence
Certificate transparency, archived snapshots, and subdomain enumeration
Certificate Transparency Logs
| Common Name | Issuer | Not Before |
|---|---|---|
| libby.houstons.tech | C=US, O=Let's Encrypt, CN=E7 | 2026-02-25T13:47:58 |
| libby.houstons.tech | C=US, O=Let's Encrypt, CN=E7 | 2026-02-25T13:47:58 |
| domains.houstons.tech | C=US, O=Let's Encrypt, CN=E7 | 2026-02-23T23:13:59 |
| domains.houstons.tech | C=US, O=Let's Encrypt, CN=E7 | 2026-02-23T23:13:59 |
| domains.houstons.tech | C=US, O=Let's Encrypt, CN=R12 | 2026-02-23T23:13:56 |
| domains.houstons.tech | C=US, O=Let's Encrypt, CN=R12 | 2026-02-23T23:13:56 |
| houstons.tech | C=US, O=Google Trust Services, CN=WE1 | 2026-02-16T16:52:36 |
| houstons.tech | C=US, O=Google Trust Services, CN=WE1 | 2026-02-16T16:52:36 |
| houstons.tech | C=US, O=Google Trust Services, CN=WR1 | 2026-02-16T16:52:28 |
| status.houstons.tech | C=US, O=Let's Encrypt, CN=E7 | 2026-02-08T19:56:51 |
| status.houstons.tech | C=US, O=Let's Encrypt, CN=E7 | 2026-02-08T19:56:51 |
| opsis.houstons.tech | C=US, O=Google Trust Services, CN=WE1 | 2026-01-31T20:18:37 |
| houstons.tech | C=US, O=Google Trust Services, CN=WE1 | 2026-01-15T02:04:09 |
| opsis.houstons.tech | C=US, O=Google Trust Services, CN=WE1 | 2026-01-31T20:18:37 |
| opsis.houstons.tech | C=US, O=Google Trust Services, CN=WR1 | 2026-01-31T20:18:28 |
| openpgpkey.houstons.tech | C=US, O=Let's Encrypt, CN=R12 | 2026-01-31T06:39:01 |
| openpgpkey.houstons.tech | C=US, O=Let's Encrypt, CN=R12 | 2026-01-31T06:39:01 |
| link.houstons.tech | C=US, O=Let's Encrypt, CN=R12 | 2026-01-30T23:46:12 |
| link.houstons.tech | C=US, O=Let's Encrypt, CN=R12 | 2026-01-30T23:46:12 |
| license.houstons.tech | C=US, O=Google Trust Services, CN=WE1 | 2026-01-30T06:13:22 |
Showing 20 of 50 certificates
Typosquatting & Similar Domains
Common misspellings and confusable domain variants that could be used for phishing or brand impersonation. These should be monitored or defensively registered.
72 variants generated: 12 tld variant, 2 homoglyph, 7 transposed, 31 adjacent key, 8 missing letter, 8 doubled letter, 4 hyphenation
Showing 24 of 72 variants (highest-threat first)
Discovered Subdomains (18)
| Subdomain |
|---|
| akerasky.houstons.tech |
| dev.intro.houstons.tech |
| domains.houstons.tech |
| infra.houstons.tech |
| intro.houstons.tech |
| iphone.houstons.tech |
| libby.houstons.tech |
| license.houstons.tech |
| link.houstons.tech |
| openpgpkey.houstons.tech |
| opsis.houstons.tech |
| parking.houstons.tech |
| projects.houstons.tech |
| projectsboard.houstons.tech |
| pve-dev.houstons.tech |
| status.houstons.tech |
| testing.houstons.tech |
| udm.houstons.tech |
Technology Stack
Detected platform, CDN, WAF, and server details
| Component | Details |
|---|---|
| TLS Version | TLS 1.3 |
| Cipher Suite | Aes256 |
| SSL Expiry | 2026-05-18 |
| Perfect Forward Secrecy | Yes |
Hosting & Infrastructure
Hosting provider, server software, CMS detection, and certificate history
| Component | Details |
|---|---|
| Hosting Provider | Cloudflare |
| ASN Organization | Cloudflare, Inc. |
Certificate Issuer History
| Issuer | Certificates | First Seen | Last Seen |
|---|---|---|---|
| 50 | 2026-01-28T20:52:06 | 2026-01-31T06:39:01 |
WHOIS & Domain Intelligence
Domain registration, expiry, registrant contacts, and TLD-specific status analysis via RDAP
Domain Profile
| Field | Value |
|---|---|
| TLD | .tech |
| Registrant Privacy | No (public registration) |
| RDAP Source | https://rdap.org/domain/houstons.tech |
SEO & Visibility
Meta tags, Open Graph, structured data, and sitemap analysis
| Check | Status | Details |
|---|---|---|
| Title Tag | Missing | — |
| Meta Description | Missing | — |
| Canonical URL | Missing | — |
| Viewport Meta | Missing | — |
| JSON-LD Structured Data | Missing | — |
| Twitter Card | Missing | — |
| Sitemap | Missing | — |
robots.txt Directives (19)
User-agent: * Content-Signal: search=yes,ai-train=no Allow: / User-agent: Amazonbot Disallow: / User-agent: Applebot-Extended Disallow: / User-agent: Bytespider Disallow: / User-agent: CCBot Disallow: / User-agent: ClaudeBot Disallow: / User-agent: Google-Extended Disallow: / User-agent: GPTBot Disallow: / User-agent: meta-externalagent Disallow: /
Site Structure & Crawl Analysis
Pages discovered via HTTP crawl compared against sitemap.xml
Site Map Diagram
Broken Links (1)
| URL | Status | Linked From |
|---|---|---|
https://houstons.tech/ | 525 | — |
Discovered But Not in Sitemap (1)
These pages were found by crawling but are missing from sitemap.xml. Consider adding them for better SEO indexing.
Proactive Monitoring Recommendations
Recommended monitoring and alerting setup
No monitoring recommendations available.
Recommendations & Remediation Roadmap
Prioritized actions grouped by timeline
Immediate (0-48 hours)
| Finding | Severity | Action | Effort |
|---|---|---|---|
HST-002 | High | Enable Always Use HTTPS in Cloudflare — eliminates plaintext HTTP exposure | 1 minute |
HST-005 | High | Enable HSTS via Cloudflare SSL/TLS dashboard — prevents SSL stripping attacks | 2 minutes |
Short Term (1-2 weeks)
| Finding | Severity | Action | Effort |
|---|---|---|---|
HST-001 | Critical | Deploy full security headers via Cloudflare Transform Rules (CSP, XFO, XCTO, RP, PP) | 15 minutes |
HST-006 | High | Implement Content Security Policy with strict directives | 15 minutes |
HST-003 | High | Configure DKIM records with Forward Email to complete email auth triad | 10 minutes |
HST-008 | Medium | Add CAA DNS records restricting cert issuance to Google Trust + Let's Encrypt | 5 minutes |
Medium Term (1-3 months)
| Finding | Severity | Action | Effort |
|---|---|---|---|
HST-007 | Medium | Enforce MTA-STS policy (create mta-sts.houstons.tech subdomain + policy file) | 30 minutes |
HST-004 | High | Investigate SMTP STARTTLS with Forward Email — verify provider TLS support | 20 minutes |
HST-010 | Medium | Create /.well-known/security.txt with RFC 9116 fields | 5 minutes |
HST-015 | Info | Audit 18 subdomains for stale/exposed services — remove unused DNS records | 1 hour |
HST-011 | Medium | Investigate Cloudflare 525 SSL handshake error — verify origin cert config | 15 minutes |
Appendices
Raw data, glossary, and disclaimers
A. robots.txt
# As a condition of accessing this website, you agree to abide by the following # content signals: # (a) If a Content-Signal = yes, you may collect content for the corresponding # use. # (b) If a Content-Signal = no, you may not collect content for the # corresponding use. # (c) If the website operator does not include a Content-Signal for a # corresponding use, the website operator neither grants nor restricts # permission via Content-Signal with respect to the corresponding use. # The content signals and their meanings are: # search: building a search index and providing search results (e.g., returning # hyperlinks and short excerpts from your website's contents). Search does not # include providing AI-generated search summaries. # ai-input: inputting content into one or more AI models (e.g., retrieval # augmented generation, grounding, or other real-time taking of content for # generative AI search answers). # ai-train: training or fine-tuning AI models. # ANY RESTRICTIONS EXPRESSED VIA CONTENT SIGNALS ARE EXPRESS RESERVATIONS OF # RIGHTS UNDER ARTICLE 4 OF THE EUROPEAN UNION DIRECTIVE 2019/790 ON COPYRIGHT # AND RELATED RIGHTS IN THE DIGITAL SINGLE MARKET. # BEGIN Cloudflare Managed content User-agent: * Content-Signal: search=yes,ai-train=no Allow: / User-agent: Amazonbot Disallow: / User-agent: Applebot-Extended Disallow: / User-agent: Bytespider Disallow: / User-agent: CCBot Disallow: / User-agent: ClaudeBot Disallow: / User-agent: Google-Extended Disallow: / User-agent: GPTBot Disallow: / User-agent: meta-externalagent Disallow: / # END Cloudflare Managed Content
B. Glossary
| Term | Definition |
|---|---|
| SPF | Sender Policy Framework — restricts which servers can send email for a domain |
| DKIM | DomainKeys Identified Mail — cryptographic email authentication |
| DMARC | Domain-based Message Authentication, Reporting & Conformance |
| MTA-STS | Mail Transfer Agent Strict Transport Security — enforces TLS for email |
| TLS-RPT | TLS Reporting — receive reports about email TLS failures |
| DANE/TLSA | DNS-based Authentication of Named Entities — binds certificates to DNS |
| DNSSEC | Domain Name System Security Extensions — cryptographic DNS validation |
| CAA | Certificate Authority Authorization — restricts which CAs can issue certificates |
| BIMI | Brand Indicators for Message Identification — brand logo in email clients |
| HSTS | HTTP Strict Transport Security — forces HTTPS connections |
| CSP | Content Security Policy — controls which resources a page can load |
| DNSBL | DNS-based Blackhole List — real-time email/IP reputation service |
C. Disclaimer
This security assessment was performed using publicly available information only. No intrusive testing, penetration testing, or vulnerability exploitation was conducted.
Severity ratings use a qualitative likelihood x impact risk matrix aligned with ISO 27005. Risk scores are indicative and based on professional judgement.
This document is classified CONFIDENTIAL and is intended solely for the named recipient.
Assessment methodology references: NIST SP 800-177 Rev. 1, OWASP Secure Headers Project, PCI DSS v4.0, UK Cyber Essentials, ACSC Essential Eight, ISO 27005.