Engineering May 29, 2026
How we got SSLBoard to 99/100
Getting to a 92 was easy. The climb from there to 99 meant CSP headers on 25 endpoints, dropping CBC ciphers on Cloudflare and our Go servers, and CAA records. Here's the work.
Read article 
Knowledge May 7, 2026
Your DNSSEC zone is signed. It's also an open book.
DNSSEC with NSEC lets attackers walk your entire zone and enumerate every hostname. NSEC3 fixes this. SSLBoard now tests for it, including across CNAME delegations to third parties.
Read article
Product Mar 27, 2026
CAA Policy Explorer: Map Certificate Issuance Across Subdomains
See which certificate authorities can issue for every subdomain. SSLBoard maps live CAA records with CT data to expose your full issuance policy.
Read article