Sample report

perimeter-check.com

Generated Apr 7, 2025, 13:20 UTC · Perimeter

Posture: Good

14 findings · Top Risks Highlighted Below

Missing Strict-Transport-Security
Missing Content-Security-Policy
DMARC policy is p=none
Outdated platform: WordPress
No DKIM selectors detected

Quick Wins

Deploy CSP with nonces/hashes and avoid unsafe-inline
Advance DMARC to p=quarantine or p=reject after monitoring
Add HSTS with a long max-age after verifying subdomains
Plan a WordPress upgrade to the latest release
Publish DKIM keys for your outbound mail provider

Executive Summary

This report summarizes passive security posture signals observed for perimeter-check.com. Assessments use non-intrusive, read-only checks of public DNS, TLS, HTTP, email, and related surface data. Results reflect configuration visible at the time of the scan; they are not a penetration test, covert red-team engagement, or substitute for a formal risk assessment. perimeter-check.com responded over HTTPS, and MX records exist for inbound mail. Web and email findings below reflect those observed surfaces.

The weighted composite posture score is 73 out of 100, indicating Good overall posture. The greatest scoring gaps relative to other areas are in email authentication and HTTP security headers, which should be prioritized for remediation planning.

The review recorded 14 findings. Representative themes among higher-severity items include Missing Strict-Transport-Security and Missing Content-Security-Policy. Detailed evidence, severity, and recommended actions appear in the findings section below.

Score Breakdown

DNS

88 / 100

Strong

REGISTRATION

92 / 100

Strong

WEBSITE

76 / 100

Good

HEADERS

58 / 100

Fair

TLS

84 / 100

Strong

54 / 100

Fair

COMPONENTS

68 / 100

Fair

EXPOSURE

74 / 100

Fair

COMPLIANCE

78 / 100

Good

Relative Strength By Area

Findings

Print View PDF JSON CSV Re-Scan

Severity	Title	Category · Glossary	Status
high	Missing Content-Security-Policy Asset: https://perimeter-check.com/ Evidence: No CSP response header on homepage Why it matters: CSP reduces XSS impact and controls resource loading. Recommendation: Deploy a strict CSP with nonces/hashes and avoid unsafe-inline. More: Glossary: CSP Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP	HTTP Security Headers	warn
high	Missing Strict-Transport-Security Asset: https://perimeter-check.com/ Evidence: No HSTS header on homepage response Why it matters: Without HSTS, clients may be vulnerable to SSL stripping. Recommendation: Send HSTS with a long max-age, includeSubDomains, and preload as appropriate. More: Glossary: HSTS Reference: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html	HTTP Security Headers	fail
medium	DMARC policy is p=none Asset: _dmarc.perimeter-check.com Evidence: v=DMARC1; p=none; rua=mailto:[email protected] Why it matters: Monitoring-only policy does not block spoofed messages. Recommendation: Advance to p=quarantine or p=reject after monitoring. More: Glossary: DMARC Reference: https://datatracker.ietf.org/doc/html/rfc7489	Email Security	warn
medium	No DKIM selectors detected Asset: perimeter-check.com Evidence: Checked common selectors only Why it matters: DKIM provides message integrity and domain alignment. Recommendation: Publish DKIM keys for your outbound mail provider. More: Glossary: DKIM	Email Security	warn
medium	Outdated platform: WordPress Asset: https://perimeter-check.com/ Evidence: Detected WordPress 6.6.2 (reference release 6.7.2) Why it matters: Running an older CMS or site platform increases exposure to known issues. Recommendation: Plan an upgrade to 6.7.2 or newer following vendor guidance and backups. Reference: https://wordpress.org/download/	Components	warn
low	Email addresses visible on homepage Asset: https://perimeter-check.com/ Evidence: [email protected] Why it matters: Scrapers collect public emails for spam and phishing. Recommendation: Use contact forms or obfuscate addresses where appropriate.	Exposure & Privacy	info
low	No cookie policy or consent notice detected Asset: https://perimeter-check.com/ Evidence: No cookie-policy path match or cookie/consent wording in homepage HTML (demo text) Why it matters: Sites using non-essential cookies often need visible notice and choices. Recommendation: Publish a cookie notice and use a consent mechanism appropriate to your traffic.	Compliance & transparency	warn
low	Server header exposed Asset: https://perimeter-check.com/ Evidence: Server: cloudflare Why it matters: Version disclosure can aid attackers in targeting known issues. Recommendation: Remove or genericize the Server header at the edge.	Website	info
low	TLS 1.3 available (TLS 1.2 also enabled) Asset: perimeter-check.com:443 Evidence: Handshake offered TLS 1.3 and TLS 1.2 Why it matters: Modern TLS versions improve performance and cipher agility. Recommendation: Prefer TLS 1.3 where clients support it; disable legacy protocols.	TLS/SSL	info
informational	CDN / edge detected Asset: perimeter-check.com Evidence: Possible provider keyword: cloudflare Why it matters: Traffic may be fronted by a CDN or reverse proxy. Recommendation: Ensure origin is not exposed and TLS is terminated with modern settings.	DNS & Infrastructure	info
informational	Privacy policy or notice appears discoverable Asset: https://perimeter-check.com/ Evidence: Privacy-related link href in homepage HTML Why it matters: Transparency about data practices supports user trust and many regulatory expectations. Recommendation: Keep policy pages current and easy to find from the footer and forms.	Compliance & transparency	pass
informational	Registrant data appears redacted in RDAP Asset: perimeter-check.com Evidence: Registrant fields show privacy/redaction markers Why it matters: Redaction reduces easy harvesting of contact data from public RDAP. Recommendation: Keep privacy service enabled at renewal; review registrar notifications. Reference: https://www.icann.org/resources/pages/gtld-registration-data-specs-en	Registration / WHOIS (RDAP)	pass
informational	RFC 9116 security.txt present Asset: https://perimeter-check.com/.well-known/security.txt Evidence: Contact: mailto:[email protected] Why it matters: A machine-readable security contact helps coordinated vulnerability disclosure. Recommendation: Keep Expires current and add Canonical URLs if you mirror the file. More: Glossary: security.txt Reference: https://www.rfc-editor.org/rfc/rfc9116.html	Compliance & transparency	pass
informational	Terms or conditions appear discoverable Asset: https://perimeter-check.com/ Evidence: Terms-related link in homepage HTML Why it matters: Clear terms reduce disputes and set expectations for service use. Recommendation: Review periodically with counsel; link from signup and footers.	Compliance & transparency	pass

DNS Records

88/100

DNS hosting (hint) Cloudflare DNS (NS: ns1.cloudflare.com, ns2.cloudflare.com)

Strengths 5 · passing checks & positive signals

Severity	Observation	Status
informational	Domain name resolves A and/or AAAA records present for perimeter-check.com.	pass
informational	Authoritative nameservers published 2 NS record(s) returned.	pass
informational	MX records present 1 MX record(s); inbound mail routing is configured.	pass
informational	www host resolves DNS answers for www.perimeter-check.com.	pass
informational	CAA records published 1 record(s) listing permitted certificate authorities.	pass

Issues & notes 1 · warnings, failures, or info

Severity	Observation	Status
informational	CDN / edge detected Asset: perimeter-check.com Evidence: Possible provider keyword: cloudflare Why it matters: Traffic may be fronted by a CDN or reverse proxy. Recommendation: Ensure origin is not exposed and TLS is terminated with modern settings.	info

Technical Details (JSON)

{
    "domain": "perimeter-check.com",
    "apex_resolves": true,
    "a": [
        {
            "host": "perimeter-check.com",
            "type": "A",
            "ip": "104.21.0.1"
        }
    ],
    "ns": [
        {
            "target": "ns1.cloudflare.com"
        },
        {
            "target": "ns2.cloudflare.com"
        }
    ],
    "mx": [
        {
            "target": "aspmx.l.google.com",
            "pri": 1
        }
    ],
    "caa": [
        {
            "flag": 0,
            "tag": "issue",
            "value": "letsencrypt.org"
        }
    ],
    "ipv6_posture": {
        "has_aaaa": false,
        "summary": "No AAAA record for perimeter-check.com in this sample."
    },
    "dnssec": {
        "appears_signed": false
    },
    "provider_intel": "Cloudflare DNS (NS: ns1.cloudflare.com, ns2.cloudflare.com)",
    "cdn_guess": "Possible provider keyword: cloudflare",
    "http_to_https": {
        "http_reachable": true,
        "https_reachable": true,
        "redirects_to_https": true
    },
    "www": {
        "resolves": true,
        "records": [
            {
                "type": "A",
                "ip": "104.21.0.1"
            }
        ]
    }
}

Infrastructure & Edge

88/100

DNS hosting (hint) Edge / CDN: traffic likely proxied by Cloudflare

Technical Details (JSON)

{
    "cdn_guess": "Possible provider keyword: cloudflare",
    "http_to_https": {
        "http_reachable": true,
        "https_reachable": true,
        "redirects_to_https": true
    },
    "provider_intel": "Edge / CDN: traffic likely proxied by Cloudflare"
}

Registration & WHOIS (RDAP)

92/100

DNS hosting (hint) Registration & WHOIS-style review uses public RDAP (not port 43 WHOIS).

Registrar (RDAP) Example Registrar LLC

Registration Facts

RDAP: Retrieved
Registrar: Example Registrar LLC
Domain status: client transfer prohibited, client delete prohibited
Registered: Jan 1, 2020 UTC
Expires: Jan 1, 2027 UTC (~270 days)
Registrant visibility (hint): Registrant contact appears redacted or privacy-protected in RDAP

Suggestions

Keep WHOIS privacy enabled; use an alias email for registrar notices if offered.
RDAP is the modern public registry view; fields may differ from legacy WHOIS.

ICANN RDAP reflects registry/registrar data. It is not a full legal ownership record; some TLDs redact heavily.

Strengths 4 · passing checks & positive signals

Severity	Observation	Status
informational	Registrant data appears redacted in RDAP Registrant fields show privacy/redaction markers	pass
informational	RDAP registration data retrieved Public registry RDAP returned data for this TLD (not legacy port-43 WHOIS).	pass
informational	Expiration date present in RDAP Useful for renewal planning and takeover risk awareness.	pass
informational	Registrant contact appears redacted or privacy-protected Registrant contact appears redacted or privacy-protected in RDAP	pass

Issues & notes 0 · warnings, failures, or info

No issues or notes recorded for this area.

Technical Details (JSON)

{
    "rdap_available": true,
    "registrar": "Example Registrar LLC",
    "domain_status": [
        "client transfer prohibited",
        "client delete prohibited"
    ],
    "dates": {
        "registration": "Jan 1, 2020 UTC",
        "expiration": "Jan 1, 2027 UTC",
        "last_changed": "Jun 15, 2024 UTC",
        "days_to_expiry": 270
    },
    "privacy_summary": "Registrant contact appears redacted or privacy-protected in RDAP",
    "note": "ICANN RDAP reflects registry/registrar data. It is not a full legal ownership record; some TLDs redact heavily.",
    "registration_facts": [
        {
            "label": "RDAP",
            "value": "Retrieved"
        },
        {
            "label": "Registrar",
            "value": "Example Registrar LLC"
        },
        {
            "label": "Domain status",
            "value": "client transfer prohibited, client delete prohibited"
        },
        {
            "label": "Registered",
            "value": "Jan 1, 2020 UTC"
        },
        {
            "label": "Expires",
            "value": "Jan 1, 2027 UTC (~270 days)"
        },
        {
            "label": "Registrant visibility (hint)",
            "value": "Registrant contact appears redacted or privacy-protected in RDAP"
        }
    ],
    "registration_suggestions": [
        "Keep WHOIS privacy enabled; use an alias email for registrar notices if offered.",
        "RDAP is the modern public registry view; fields may differ from legacy WHOIS."
    ],
    "provider_intel": "Registration & WHOIS-style review uses public RDAP (not port 43 WHOIS)."
}

Website

76/100

Transfer encoding gzip (Content-Encoding) · probe: Accept-Encoding gzip, deflate, br

Third-Party Tracking & Analytics

Detected from homepage HTML (script URLs and inline hints). Dynamic tags loaded later are not visible here.

Google Tag Manager googletagmanager.com/gtm.js?id=GTM-ABC12
Google Analytics (GA4 / gtag) googletagmanager.com/gtag/js?id=G-XXXXXXXX
Meta (Facebook) Pixel connect.facebook.net/en_US/fbevents.js
Hotjar static.hotjar.com/c/hotjar-1.js
LinkedIn Insight Tag snap.licdn.com/li.lms-analytics/insight.min.js

DNS hosting (hint) Web / edge: traffic likely proxied by Cloudflare · Cloudflare edge

Strengths 6 · passing checks & positive signals

Severity	Observation	Status
informational	HTTPS homepage responds HTTP 200 from https:// (homepage reachable).	pass
informational	robots.txt available Endpoint returned a successful response (HEAD probe).	pass
informational	security.txt available Endpoint returned a successful response (HEAD probe).	pass
informational	sitemap.xml available Endpoint returned a successful response (HEAD probe).	pass
informational	HTTP response compression Content-Encoding: gzip (probe sent Accept-Encoding: gzip, deflate, br).	pass
informational	Sensitive-path probes clean Configured probe paths did not look exposed (best-effort).	pass

Issues & notes 1 · warnings, failures, or info

Severity	Observation	Status
low	Server header exposed Asset: https://perimeter-check.com/ Evidence: Server: cloudflare Why it matters: Version disclosure can aid attackers in targeting known issues. Recommendation: Remove or genericize the Server header at the edge.	info

Technical Details (JSON)

{
    "https": {
        "ok": true,
        "status": 200,
        "headers": {
            "server": "cloudflare",
            "x-powered-by": "PHP/8.2.30",
            "content-type": "text/html; charset=UTF-8"
        },
        "body": "<!doctype html><html><head><script src=\"https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXX\"></script></head><body><a href=\"/privacy\">Privacy</a></body></html>"
    },
    "http": {
        "ok": true,
        "status": 301
    },
    "mixed_content_hint": null,
    "robots_txt": {
        "exists": true,
        "status": 200
    },
    "security_txt": {
        "exists": true,
        "status": 200
    },
    "sitemap_xml": {
        "exists": true,
        "status": 200
    },
    "favicon": {
        "exists": true,
        "status": 200
    },
    "sensitive_paths": {
        "/.env": {
            "status": 404,
            "length": 15,
            "likely_exposed": false
        },
        "/.git/config": {
            "status": 404,
            "length": 12,
            "likely_exposed": false
        }
    },
    "response_compression": {
        "ok": true,
        "status": 200,
        "encodings": [
            "gzip"
        ],
        "header_raw": "gzip",
        "probe_accept_encoding": "gzip, deflate, br"
    },
    "provider_intel": "Web / edge: traffic likely proxied by Cloudflare · Cloudflare edge",
    "og_image": "https://www.iana.org/static/img/iana-logo.svg",
    "tracking_signals": [
        {
            "id": "google_tag_manager",
            "label": "Google Tag Manager",
            "detail": "googletagmanager.com/gtm.js?id=GTM-ABC12"
        },
        {
            "id": "google_analytics_ga4",
            "label": "Google Analytics (GA4 / gtag)",
            "detail": "googletagmanager.com/gtag/js?id=G-XXXXXXXX"
        },
        {
            "id": "facebook_pixel",
            "label": "Meta (Facebook) Pixel",
            "detail": "connect.facebook.net/en_US/fbevents.js"
        },
        {
            "id": "hotjar",
            "label": "Hotjar",
            "detail": "static.hotjar.com/c/hotjar-1.js"
        },
        {
            "id": "linkedin_insight",
            "label": "LinkedIn Insight Tag",
            "detail": "snap.licdn.com/li.lms-analytics/insight.min.js"
        }
    ]
}

HTTP Security Headers

58/100

Strengths 3 · passing checks & positive signals

Severity	Observation	Status
informational	X-Content-Type-Options set nosniff	pass
informational	X-Frame-Options set SAMEORIGIN	pass
informational	Referrer-Policy set strict-origin-when-cross-origin	pass

Issues & notes 2 · warnings, failures, or info

Severity	Observation	Status
high	Missing Content-Security-Policy Asset: https://perimeter-check.com/ Evidence: No CSP response header on homepage Why it matters: CSP reduces XSS impact and controls resource loading. Recommendation: Deploy a strict CSP with nonces/hashes and avoid unsafe-inline. More: Glossary: CSP Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP	warn
high	Missing Strict-Transport-Security Asset: https://perimeter-check.com/ Evidence: No HSTS header on homepage response Why it matters: Without HSTS, clients may be vulnerable to SSL stripping. Recommendation: Send HSTS with a long max-age, includeSubDomains, and preload as appropriate. More: Glossary: HSTS Reference: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html	fail

Technical Details (JSON)

{
    "headers": {
        "strict-transport-security": "",
        "content-security-policy": "",
        "x-frame-options": "SAMEORIGIN",
        "x-content-type-options": "nosniff",
        "referrer-policy": "strict-origin-when-cross-origin"
    },
    "checks": {
        "hsts": "",
        "csp": "",
        "x-frame-options": "SAMEORIGIN",
        "x-content-type-options": "nosniff",
        "referrer-policy": "strict-origin-when-cross-origin"
    }
}

TLS / SSL

84/100

Strengths 2 · passing checks & positive signals

Severity	Observation	Status
informational	Certificate lifetime acceptable ~120 days until expiry (not in urgent renewal window).	pass
informational	TLS 1.3 negotiated Probe handshake using TLS 1.3 succeeded.	pass

Issues & notes 1 · warnings, failures, or info

Severity	Observation	Status
low	TLS 1.3 available (TLS 1.2 also enabled) Asset: perimeter-check.com:443 Evidence: Handshake offered TLS 1.3 and TLS 1.2 Why it matters: Modern TLS versions improve performance and cipher agility. Recommendation: Prefer TLS 1.3 where clients support it; disable legacy protocols.	info

Technical Details (JSON)

{
    "days_remaining": 120,
    "tls_versions": {
        "tls1_3": true,
        "tls1_2": true
    },
    "certificate": {
        "subject": "CN=perimeter-check.com",
        "issuer": "CN=R3,O=Let's Encrypt,C=US",
        "valid_to": "2025-08-01T12:00:00Z"
    },
    "certificate_transparency": {
        "names_sample": [
            "perimeter-check.com",
            "www.perimeter-check.com",
            "api.perimeter-check.com"
        ]
    }
}

Email Security

54/100

DNS hosting (hint) Inbound mail: likely Google Workspace / Gmail (primary MX: aspmx.l.google.com, priority 1)

Strengths 4 · passing checks & positive signals

Severity	Observation	Status
informational	MX records configured Primary MX: aspmx.l.google.com	pass
informational	SPF record published v=spf1 include:_spf.perimeter-check.com ~all	pass
informational	DMARC record published v=DMARC1; p=none; rua=mailto:[email protected]	pass
informational	DKIM DNS record(s) found Selectors with DKIM1: selectors_checked, records	pass

Issues & notes 2 · warnings, failures, or info

Severity	Observation	Status
medium	DMARC policy is p=none Asset: _dmarc.perimeter-check.com Evidence: v=DMARC1; p=none; rua=mailto:[email protected] Why it matters: Monitoring-only policy does not block spoofed messages. Recommendation: Advance to p=quarantine or p=reject after monitoring. More: Glossary: DMARC Reference: https://datatracker.ietf.org/doc/html/rfc7489	warn
medium	No DKIM selectors detected Asset: perimeter-check.com Evidence: Checked common selectors only Why it matters: DKIM provides message integrity and domain alignment. Recommendation: Publish DKIM keys for your outbound mail provider. More: Glossary: DKIM	warn

Technical Details (JSON)

{
    "dmarc": "v=DMARC1; p=none; rua=mailto:[email protected]",
    "spf": "v=spf1 include:_spf.perimeter-check.com ~all",
    "mx": [
        {
            "target": "aspmx.l.google.com",
            "pri": 1
        }
    ],
    "dkim": {
        "selectors_checked": [
            "default",
            "google"
        ],
        "records": []
    },
    "provider_intel": "Inbound mail: likely Google Workspace / Gmail (primary MX: aspmx.l.google.com, priority 1)"
}

Technology & Components

68/100

Platforms & CMS

Platform	Detected	Reference latest	Status
WordPress	6.6.2	6.7.2	Update available

Reference latest for self-hosted WordPress uses bundled defaults plus the WordPress.org API when the version cache is refreshed.

Strengths 2 · passing checks & positive signals

Severity	Observation	Status
informational	Platforms / CMS detected WordPress (6.6.2)	pass
informational	Client libraries fingerprinted jQuery 3.5.1; Lodash 4.17.20	pass

Issues & notes 1 · warnings, failures, or info

Severity	Observation	Status
medium	Outdated platform: WordPress Asset: https://perimeter-check.com/ Evidence: Detected WordPress 6.6.2 (reference release 6.7.2) Why it matters: Running an older CMS or site platform increases exposure to known issues. Recommendation: Plan an upgrade to 6.7.2 or newer following vendor guidance and backups. Reference: https://wordpress.org/download/	warn

Technical Details (JSON)

{
    "components": [
        {
            "name": "jQuery",
            "version": "3.5.1",
            "intel_key": "jquery"
        },
        {
            "name": "Lodash",
            "version": "4.17.20",
            "intel_key": "lodash"
        }
    ],
    "platforms": [
        {
            "id": "wordpress",
            "name": "WordPress",
            "version": "6.6.2",
            "confidence": "high",
            "evidence": "meta generator",
            "intel_key": "wordpress",
            "reference_latest": "6.7.2",
            "version_status": "behind"
        }
    ],
    "raw_generators": [
        "WordPress 6.6.2"
    ]
}

Exposure & Privacy

74/100

Strengths 3 · passing checks & positive signals

Severity	Observation	Status
informational	Security contact or disclosure hint Matched security@ / responsible disclosure style patterns.	pass
informational	No form actions pointing to plain HTTP No http:// form actions found in homepage HTML.	pass
informational	No obvious staging/dev keywords in HTML No staging/dev/test markers matched in page text.	pass

Issues & notes 1 · warnings, failures, or info

Severity	Observation	Status
low	Email addresses visible on homepage Asset: https://perimeter-check.com/ Evidence: [email protected] Why it matters: Scrapers collect public emails for spam and phishing. Recommendation: Use contact forms or obfuscate addresses where appropriate.	info

Technical Details (JSON)

{
    "homepage": "ok",
    "privacy_links": true,
    "terms_links": true,
    "contact_security": true,
    "cookie_banner_hint": true,
    "cookie_banner_detail": {
        "likely": true,
        "signals": [
            "onetrust",
            "generic_cmp"
        ]
    },
    "emails_on_page": [
        "[email protected]"
    ],
    "forms_http": false,
    "password_fields": true,
    "staging_leak": false,
    "subdomains": {
        "www": "resolves",
        "api": "resolves"
    },
    "ipv6_note": "No AAAA record for perimeter-check.com; IPv6-only users may rely on transitional paths.",
    "security_txt": {
        "reachable": true,
        "url": "https://perimeter-check.com/.well-known/security.txt",
        "parsed": true,
        "contact": "mailto:[email protected]",
        "expires": "2026-12-31T23:59:59Z",
        "canonical": [
            "https://perimeter-check.com/.well-known/security.txt"
        ],
        "preview": "Contact: mailto:[email protected]\nExpires: 2026-12-31T23:59:59Z\n"
    }
}

Compliance & Transparency

78/100

Transparency Automated transparency signals only; not legal or jurisdictional compliance advice.

Strengths 4 · passing checks & positive signals

Severity	Observation	Status
informational	Privacy policy or notice appears discoverable Privacy-related link href in homepage HTML	pass
informational	RFC 9116 security.txt present Contact: mailto:[email protected]	pass
informational	Terms or conditions appear discoverable Terms-related link in homepage HTML	pass
informational	security.txt with Contact field mailto:[email protected]	pass

Issues & notes 1 · warnings, failures, or info

Severity	Observation	Status
low	No cookie policy or consent notice detected Asset: https://perimeter-check.com/ Evidence: No cookie-policy path match or cookie/consent wording in homepage HTML (demo text) Why it matters: Sites using non-essential cookies often need visible notice and choices. Recommendation: Publish a cookie notice and use a consent mechanism appropriate to your traffic.	warn

Technical Details (JSON)

{
    "disclaimer": "Automated transparency signals only; not legal or jurisdictional compliance advice.",
    "security_txt": {
        "reachable": true,
        "url": "https://perimeter-check.com/.well-known/security.txt",
        "parsed": true,
        "contact": "mailto:[email protected]",
        "expires": "2026-12-31T23:59:59Z",
        "canonical": [
            "https://perimeter-check.com/.well-known/security.txt"
        ],
        "preview": "Contact: mailto:[email protected]\nExpires: 2026-12-31T23:59:59Z\n"
    },
    "signals": {
        "privacy_discoverable": true,
        "privacy_url": null,
        "cookie_policy_discoverable": false,
        "cookie_policy_url": null,
        "terms_discoverable": true,
        "terms_url": null
    }
}

Surface Discovery & CORS

88/100

Surface checks are sampled and best-effort; verify manually before acting.

Technical Details (JSON)

{
    "subdomain_candidates": [
        {
            "host": "www.perimeter-check.com",
            "https_ok": true,
            "note": "Sample surfaced host"
        },
        {
            "host": "api.perimeter-check.com",
            "https_ok": true,
            "note": "Sample API host"
        }
    ],
    "cors_probes": [
        {
            "host": "api.perimeter-check.com",
            "url": "https://api.perimeter-check.com/",
            "acao": "",
            "acac": "",
            "note": "No ACAO on OPTIONS sample"
        }
    ],
    "truncated": false,
    "note": "Surface checks are sampled and best-effort; verify manually before acting."
}