Why advisory checks (open-ports, blacklist, security-headers, lighthouse) are hidden from public status pages by default — and how to opt in.

Advisory checks on a public status page

DomainCare ships thirteen check types. Four of them are advisory:

Open ports — passive inventory of network ports exposed at your hostname.
Blacklist — RBL / DNSBL lookups for email reputation.
Security headers — Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, …
Lighthouse — synthetic performance audit.

These run on every domain in DomainCare regardless of plan. For internal domain views, advisory check failures show up alongside critical ones (uptime, SSL, DNS, etc.) so you can fix them.

For public status pages, they are hidden by default.

Why hidden by default

The four advisory checks share a common property: a failure discloses something about your attack surface or your provider relationships, not about whether your service is up.

"Open ports" failures broadcast your network footprint.
Blacklist listings are sensitive — many vendors silently fix themselves; surfacing transient listings costs you customer confidence with no upside.
Security headers and Lighthouse failures advise; they are not outages.

The privacy-first default keeps your public page focused on what visitors care about: is the service up?

Opting in

If you want any of the four visible on a public page, configure the domain-status component's showChecks array explicitly:

{
  "kind": "domain-status",
  "config": {
    "domainId": "dom_xxx",
    "showChecks": [
      "uptime",
      "ssl",
      "dns",
      "nameserver",
      "rdap",
      "email_auth",
      "redirect",
      "robots",
      "sitemap",
      // Opt-ins:
      "security_headers",
      "lighthouse"
    ]
  }
}

In the builder UI, the same toggles appear in the right-pane config for each domain-status component.

What about the dogfood `/status` page?

Our own /status lists all 13 checks for domaincare.io, including advisory ones — that page is for engineering transparency, not customer reassurance. Customers who want to follow our example are welcome to opt in; we just don't make it the default for everyone.

Advisory checks on a public status page

DomainCare ships thirteen check types. Four of them are advisory:

Open ports — passive inventory of network ports exposed at your hostname.
Blacklist — RBL / DNSBL lookups for email reputation.
Security headers — Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, …
Lighthouse — synthetic performance audit.

These run on every domain in DomainCare regardless of plan. For internal domain views, advisory check failures show up alongside critical ones (uptime, SSL, DNS, etc.) so you can fix them.

For public status pages, they are hidden by default.

Why hidden by default

The four advisory checks share a common property: a failure discloses something about your attack surface or your provider relationships, not about whether your service is up.

"Open ports" failures broadcast your network footprint.
Blacklist listings are sensitive — many vendors silently fix themselves; surfacing transient listings costs you customer confidence with no upside.
Security headers and Lighthouse failures advise; they are not outages.

The privacy-first default keeps your public page focused on what visitors care about: is the service up?

Opting in

If you want any of the four visible on a public page, configure the domain-status component's showChecks array explicitly:

{
  "kind": "domain-status",
  "config": {
    "domainId": "dom_xxx",
    "showChecks": [
      "uptime",
      "ssl",
      "dns",
      "nameserver",
      "rdap",
      "email_auth",
      "redirect",
      "robots",
      "sitemap",
      // Opt-ins:
      "security_headers",
      "lighthouse"
    ]
  }
}

In the builder UI, the same toggles appear in the right-pane config for each domain-status component.

Advisory checks on a public status page

Advisory checks on a public status page

Why hidden by default

Opting in

What about the dogfood /status page?

Advisory checks on a public status page

Advisory checks on a public status page

Why hidden by default

Opting in

What about the dogfood /status page?

What about the dogfood `/status` page?

What about the dogfood `/status` page?