Hardenize results

Hello !! all the best to you all !
I have try test Hardenize and your results show me not good, because I use shared server and it not detect some configurations of Cloudflare .

This domain be in one shared server … Site5 reseller host , but I
use Cloudflare too and install the app from cloudflare.
But I see that your results that it show , is bad to my costumers and site.
The site are clean and I have the Seal of ScanMyServer …
It show results like :

  1. DNSSEC not real because in Cloudflare my dnssec are ok !! and
    your results dont show green (ok).

  2. My SPF are ok and Site5 say to ignore your results base in others
    good results, and shared server need have 13 lockups

  3. About this :
    Policy not preloaded
    When hostname is preloaded, that means that browsers embed your HSTS
    policy and apply it even to the first request sent to your web site.
    This server indicates preloading in its policy, but the domain name
    isn’t actually preloaded. We classify this as a warning because it’s a
    common problem to place the ‘preload’ keyword in the policy even
    though the infrastructure is not ready for preloading. This is
    dangerous because, in this situation, anyone can submit this domain
    name for preloading just by visiting hstspreload.org. We recommend
    that you either preload this domain name yourself—if it’s ready— or
    remove the preloading indicator from the policy until it is ready.
    But in Cloudflare the Preloads are configured

  4. Finish Site5 say that your are a third part software and the
    results i an way that your like … and sugest I ignore your results

What you say about …, need way to get All green in HARDENIZE …
Remember I have one Seal of ScanMyServer …

Thanks in advanced !!

You didn’t post the domain name, so we can’t offer much advice. Here’s my Hardenize report. I must have messed up on HSTS preload list, but I’ve re-added it. I’m re-doing my CSP since I just re-built my site.

Ok!! this is the result about …

You need to increase the HSTS time before you can put it on the preload list:

The missing CAA is a mystery, as Cloudflare should add that automatically. Open a ticket for this:

Login to Cloudflare and then contact Cloudflare Support by clicking on the Get More Help button.

Everything looks good. DNSSEC is green. SPF is up to you to properly set. I use dmarcian.com to test email DNS.

2 Likes

Well is this … CAA is mystery, but today from the website I try check again the Hardenize link, and I do not make any changes… and I see this result !!! .

No HTTP servers

This host doesn’t seem to have any HTTP servers. We’ll focus on evaluating the DNS and email configuration instead. !!!

I Think that I and people lost time with this App !!!!

That show bad things that are OK !!!

Thank you for your information.

Cloudflare does not append additional CAA records if Universal SSL is disabled or if no CAA records are added via the DNS app.

If you have no CAA records then Cloudflare will not add any. Just add a CAA record for violation reports, and issue and issuewild for all CAs you use for your own certs. Cloudflare will append CAA records for any CAs that they use.

I recommend that you add CAs you use even if Cloudflare currently append those CAs, as Cloudflare might change their CAs.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.