blocksec.com

HTML metadata

Title: Web3 Security Audits, Monitoring, and Risk Prevention - BlockSec
Description: Safeguard your DeFi protocols with end-to-end Web3 security solutions. From smart contract audits to 24/7 threat monitoring, we detect risks, automate exploit prevention, and ensure compliance.
Language: en
Canonical: https://blocksec.com

Open Graph

url: https://blocksec.com
title: Web3 Security Audits, Monitoring, and Risk Prevention - BlockSec
locale: en_US
site name: BlockSec
description: Safeguard your DeFi protocols with end-to-end Web3 security solutions. From smart contract audits to 24/7 threat monitoring, we detect risks, automate exploit prevention, and ensure compliance.

Technology

CDN: Cloudflare
CMS: Next.js

Analytics

Cloudflare Insights

Third-party hosts loaded (2)

js-na2.hs-scripts.com×1
static.cloudflareinsights.com×1

Social

Registration

Registrar

Cloudflare, Inc.

Created

2013-12-15

Expires

2034-12-15 3132 days left

Updated

2026-01-04

Name servers

maxine.ns.cloudflare.com
rajeev.ns.cloudflare.com

DNS records live

NS

maxine.ns.cloudflare.com
rajeev.ns.cloudflare.com

MX

1 smtp.google.com

TXT

apple-domain-verification=E8AFwU4qKw2T62ah

Email authentication strong

SPF

v=spf1 include:_spf.google.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; ruf=mailto:mailabuse@blocksec.com; rua=mailto:2f0013bfcee544d0a8cc27b08228f085@dmarc-reports.cloudflare.net,mailto:mailabuse@blocksec.com; sp=reject; adkim=s; aspf=s

policy: reject (enforced) · sp=reject

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApF6kFkNtsruKQls4PULyx3oWyYSp/qpiFfONlHK3/WZHadSxwHUJlq26/kike80ch++UVN/GRzJ3iq…
selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6nBlVmpBaM95Hyl4/IiImkD/LOihkUfkU8rlhFKHAspFKGECkL8r84JPw4EVZeIR87mSUSBwjRnLw…

selectors probed

Certificate (current)

WE1

from 2026-04-05 to 2026-07-04

Expires in 46 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://blocksec.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: frame-ancestors *.blocksec.com blocksec.com *.metasleuth.io metasleuth.io *.recaptcha.net recaptcha.net *.google.com 'self'; script-src *.blocksec.com blocksec.com *.metasleuth.io metasleuth.io *.recaptcha.net recaptcha.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.cloudflareinsights.com *.cloudflare.com *.twitter.com *.clarity.ms *.calendly.com *.doubleclick.net unpkg.com *.intercom.io *.intercomcdn.com *.jsdelivr.net *.gstatic.cn *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net 'wasm-unsafe-eval' 'unsafe-inline' 'self'; style-src *.blocksec.com blocksec.com *.metasleuth.io metasleuth.io *.recaptcha.net recaptcha.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.twitter.com *.clarity.ms *.calendly.com *.jsdelivr.net *.cloudflare.com 'unsafe-inline' 'self'; connect-src 'self' https: wss: *.intercom.io; worker-src 'self' blob:; default-src 'self' https: data:
strict-transport-security: max-age=31536000