Executive Summary

What is it?

DNSSEC adds cryptographic signatures to DNS records to protect against DNS spoofing and cache poisoning attacks. It creates a chain of trust from the root DNS zone down to your domain.

Why is it important?

Without DNSSEC, attackers can redirect your domain to malicious servers by poisoning DNS caches. This can lead to phishing attacks, data theft, and loss of trust. DNSSEC ensures that DNS responses are authentic and haven't been tampered with.

What can go wrong if not properly setup?

If DNSSEC is not properly configured: attackers can hijack your DNS, redirect traffic to malicious sites, intercept emails, and compromise your entire domain infrastructure. Improper DNSSEC setup can also cause DNS resolution failures.

Technical Details

DNSSEC uses public-key cryptography. The root zone has DNSKEY records, which are signed by RRSIG records. Each level (root → TLD → domain) has DS (Delegation Signer) records that link the chain together. The domain must have DNSKEY records and RRSIG records for all DNS record types.

What is it?

SSL/TLS certificates encrypt data transmitted between web browsers and servers, ensuring that sensitive information cannot be intercepted by attackers.

Why is it important?

SSL/TLS is mandatory for government websites per CISA requirements. It protects user data, prevents man-in-the-middle attacks, and is required for compliance. Without it, all data transmitted is visible to attackers.

What can go wrong if not properly setup?

If SSL/TLS is not properly configured: all data is transmitted in plain text, attackers can intercept and modify communications, browsers will show security warnings, and you fail CISA compliance requirements.

Technical Details

SSL/TLS certificates contain: issuer information, subject (domain name), validity dates, public key, and digital signature. Certificates must be valid, not expired, and match the domain name. HTTPS should be forced (HTTP redirects to HTTPS).

Issuer

E7

Subject

*.chipetawater.org

Valid From

2026-04-04T22:46:57.000Z

Valid To

2026-07-03T22:46:56.000Z

Days Remaining

86 days

HTTPS Configuration

Enhanced HTTPS checks verify that HTTPS is properly configured with redirects, compression, and HSTS (HTTP Strict Transport Security) headers.

Why is HTTPS configuration important?

Proper HTTPS configuration is fundamental to web security. HSTS prevents downgrade attacks and ensures all connections are encrypted. HTTPS redirects ensure users always use secure connections. These are required for CISA compliance and protect against man-in-the-middle attacks.

TLS Configuration

TLS (Transport Layer Security) configuration checks verify that your server uses secure TLS versions, proper cipher suites, and secure settings.

Why is TLS configuration important?

Proper TLS configuration prevents attacks like BEAST, POODLE, and other TLS vulnerabilities. Weak ciphers, TLS compression, or insecure renegotiation can allow attackers to decrypt or intercept communications. This is critical for protecting sensitive government data.

What can go wrong if not properly setup?

Without proper HTTPS configuration: users may access your site over unencrypted HTTP, attackers can intercept and modify communications, browsers will show security warnings, and you fail compliance requirements. Missing HSTS allows attackers to force unencrypted connections.

Weak TLS configuration: allows attackers to decrypt communications, enables man-in-the-middle attacks, exposes sensitive data, and fails security compliance. TLS compression (CRIME attack) and client-initiated renegotiation are serious vulnerabilities.

Technical Details

HTTPS checks verify: 1) HTTPS is available and working, 2) HTTP redirects to HTTPS automatically, 3) HSTS header is present with appropriate max-age, 4) HSTS includes subdomains when appropriate. HTTP compression is informational but improves performance.

TLS checks verify: 1) TLS version 1.2 or higher (TLS 1.3 preferred), 2) Strong cipher suites with proper ordering, 3) Secure key exchange parameters, 4) No TLS compression (vulnerable to CRIME), 5) Secure renegotiation enabled, 6) Client-initiated renegotiation disabled, 7) 0-RTT (early data) status.

What is it?

Certificate validation checks verify that your SSL/TLS certificate has a valid trust chain, proper public key, valid signature, matches your domain, and has CAA records.

Why is it important?

A valid certificate chain ensures browsers trust your certificate. Domain name matching prevents certificate errors. CAA records control which Certificate Authorities can issue certificates for your domain, preventing unauthorized certificate issuance. This is fundamental to HTTPS security.

What can go wrong if not properly setup?

Invalid certificates: browsers show security warnings, users cannot access your site, attackers can issue fake certificates for your domain (without CAA), and you fail compliance requirements. Missing CAA records allow any CA to issue certificates for your domain.

Technical Details

Certificate validation checks: 1) Trust chain (certificate is signed by trusted CA), 2) Public key validity, 3) Signature validity, 4) Domain name matches certificate (CN or SAN), 5) CAA (Certificate Authority Authorization) DNS records exist to control certificate issuance.

What are they?

HTTP security headers provide additional security controls to protect against common web vulnerabilities like clickjacking, MIME type sniffing, and information leakage.

Why are they important?

Security headers are a fundamental defense against web attacks. X-Frame-Options prevents clickjacking. X-Content-Type-Options prevents MIME sniffing attacks. Referrer-Policy controls information leakage. security.txt provides a standard way to report security vulnerabilities. These are required for modern web security.

What can go wrong if not properly setup?

Missing security headers: your site is vulnerable to clickjacking attacks, MIME type confusion attacks, information leakage through referrer headers, and security researchers cannot easily report vulnerabilities. These are low-hanging fruit for attackers.

Technical Details

Security headers checked: 1) X-Frame-Options (prevents iframe embedding - should be DENY or SAMEORIGIN), 2) X-Content-Type-Options: nosniff (prevents MIME sniffing), 3) Referrer-Policy (controls referrer information), 4) security.txt file at /.well-known/security.txt or /security.txt (RFC 9116).

What is it?

SPF is a DNS record that specifies which mail servers are authorized to send email on behalf of your domain.

Why is it important?

SPF prevents email spoofing. Without it, anyone can send emails claiming to be from your domain. The "-all" mechanism is critical - it means "reject all emails from servers not listed", providing strict protection.

Why is "-all" critical?

The "-all" mechanism means "reject all emails from servers not explicitly listed in the SPF record." This provides strict protection. Without it, or with "~all" (soft fail) or "?all" (neutral), attackers can still send spoofed emails from your domain.

What can go wrong if not properly setup?

If SPF is missing or improperly configured: attackers can spoof emails from your domain, leading to phishing attacks, reputation damage, and email delivery failures. Using "~all" or "?all" instead of "-all" provides weak protection.

Technical Details

SPF records use mechanisms like: "include:" (authorize other domains), "a" (authorize A records), "mx" (authorize MX records), "ip4:" (authorize specific IPs), "-all" (reject all others - STRICT), "~all" (soft fail - WEAK), "?all" (neutral - NO PROTECTION).

What is it?

DKIM cryptographically signs outgoing emails using a private key. The public key is published in DNS, allowing recipients to verify the email's authenticity.

Why is it important?

DKIM proves that emails actually came from your domain and haven't been modified in transit. It works with SPF and DMARC to provide complete email authentication.

What can go wrong if not properly setup?

If DKIM is missing: recipients cannot verify email authenticity, emails may be marked as spam, and you cannot prove emails came from your domain in legal disputes.

Technical Details

DKIM uses a selector (like "google", "default", "mail") combined with "_domainkey" subdomain. The selector._domainkey.domain.com DNS record contains the public key. We check 250+ common selectors to find DKIM records.

Selector: dkim

Domain: dkim._domainkey.chipetawater.org

Record:

v=DKIM1; t=y; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fju5dRLECYeUvZEy2idRbmGYamu6ezAU8wSqMiwYOy3nnud83HS1VLn5VDpWim8lTgQd3gQDgT3mCT+LeRcQpLnhsgyEXGF2ivx1NFvqKChUJmfUFRWN4bq6ya9DLm+HWlFWMejMWeKDQ3jiH3T8V6tEiP882ha/imJlWq8XwXJvnYOtr+DlBClBVEW 24j06VJKijb0ShI3xF193M/aHVxlPVVeGM3EYS7lBNSHFYFVL9rkMXpRqaBh72mf34S9Poh9mXox/hoAnZiNC8VLvlVStAS7Id8NoyJpe7x+cknqyHIOikurI8FJ9GpN+mBXJv7zPvm/F316hL7glBe3fQIDAQAB

What is it?

DMARC tells receiving mail servers what to do with emails that fail SPF or DKIM checks. It also provides reporting on email authentication.

Why is it important?

DMARC is the final layer of email security. It enforces SPF and DKIM policies and provides visibility into email authentication failures. Required for CISA compliance.

What can go wrong if not properly setup?

If DMARC is missing: you have no control over what happens to spoofed emails, no visibility into authentication failures, and cannot achieve complete email security.

Technical Details

DMARC policies: "none" (monitor only), "quarantine" (send to spam), "reject" (reject email). Should include "pct=100" (apply to 100% of emails) and "rua=" (reporting email address).

What is it?

MTA-STS enforces secure TLS connections for email transmission, preventing man-in-the-middle attacks on email delivery.

Why is it important?

MTA-STS prevents attackers from intercepting emails in transit by forcing encrypted connections. Critical for government email security.

What can go wrong if not properly setup?

If MTA-STS is not configured: email transmission can be intercepted, attackers can downgrade to unencrypted connections, and sensitive government communications are at risk.

Technical Details

MTA-STS requires: 1) _mta-sts.domain.com TXT record with "v=STSv1", 2) Policy file at https://mta-sts.domain.com/.well-known/mta-sts.txt with "mode: enforce", 3) Valid SSL certificate. Mode "enforce" means strict enforcement, "testing" is monitoring only.

Policy File (mta-sts.chipetawater.org/.well-known/mta-sts.txt)

{"success":false,"status":404,"content":"<!DOCTYPE html>\n\n<html lang=\"en-US\">\n\n<head>\n<meta charset=\"UTF-8\" />\n<link rel=\"profile\" href=\"http://gmpg.org/xfn/11\" />\n<link rel=\"pingback\" href=\"https://www.chipetawater.org/xmlrpc.php\" />\n<title>Page not found &#8211; Chipeta Water District</title>\n<meta name='robots' content='max-image-preview:large' />\n<link rel='dns-prefetch' href='//www.chipetawater.org' />\n<link rel=\"alternate\" type=\"application/rss+xml\" title=\"Chipeta Water District &raquo; Feed\" href=\"https://www.chipetawater.org/feed/\" />\n<link rel=\"alternate\" type=\"application/rss+xml\" title=\"Chipeta Water District &raquo; Comments Feed\" href=\"https://www.chipetawater.org/comments/feed/\" />\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1\"><style id='wp-img-auto-sizes-contain-inline-css' type='text/css'>\nimg:is([sizes=auto i],[sizes^=\"auto,\" i]){contain-intrinsic-size:3000px 1500px}\n/*# sourceURL=wp-img-auto-sizes-contain-inline-css */\n</style>\n<style id='wp-emoji-styles-inline-css' type='text/css'>\n\n\timg.wp-smiley, img.emoji {\n\t\tdisplay: inline !important;\n\t\tborder: none !important;\n\t\tbox-shadow: none !important;\n\t\theight: 1em !important;\n\t\twidth: 1em !important;\n\t\tmargin: 0 0.07em !important;\n\t\tvertical-align: -0.1em !important;\n\t\tbackground: none !important;\n\t\tpadding: 0 !important;\n\t}\n/*# sourceURL=wp-emoji-styles-inline-css */\n</style>\n<style id='wp-block-library-inline-css' type='text/css'>\n:root{\n  --wp-block-synced-color:#7a00df;\n  --wp-block-synced-color--rgb:122, 0, 223;\n  --wp-bound-block-color:var(--wp-block-synced-color);\n  --wp-editor-canvas-background:#ddd;\n  --wp-admin-theme-color:#007cba;\n  --wp-admin-theme-color--rgb:0, 124, 186;\n  --wp-admin-theme-color-darker-10:#006ba1;\n  --wp-admin-theme-color-darker-10--rgb:0, 107, 160.5;\n  --wp-admin-theme-color-darker-20:#005a87;\n  --wp-admin-theme-color-darker-20--rgb:0, 90, 135;\n  --wp-admin-border-width-focus:2px;\n}\n@media (min-resolution:192dpi){\n  :root{\n    --wp-admin-border-width-focus:1.5px;\n  }\n}\n.wp-element-button{\n  cursor:pointer;\n}\n\n:root .has-very-light-gray-background-color{\n  background-color:#eee;\n}\n:root .has-very-dark-gray-background-color{\n  background-color:#313131;\n}\n:root .has-very-light-gray-color{\n  color:#eee;\n}\n:root .has-very-dark-gray-color{\n  color:#313131;\n}\n:root .has-vivid-green-cyan-to-vivid-cyan-blue-gradient-background{\n  background:linear-gradient(135deg, #00d084, #0693e3);\n}\n:root .has-purple-crush-gradient-background{\n  background:linear-gradient(135deg, #34e2e4, #4721fb 50%, #ab1dfe);\n}\n:root .has-hazy-dawn-gradient-background{\n  background:linear-gradient(135deg, #faaca8, #dad0ec);\n}\n:root .has-subdued-olive-gradient-background{\n  background:linear-gradient(135deg, #fafae1, #67a671);\n}\n:root .has-atomic-cream-gradient-background{\n  background:linear-gradient(135deg, #fdd79a, #004a59);\n}\n:root .has-nightshade-gradient-background{\n  background:linear-gradient(135deg, #330968, #31cdcf);\n}\n:root .has-midnight-gradient-background{\n  background:linear-gradient(135deg, #020381, #2874fc);\n}\n:root{\n  --wp--preset--font-size--normal:16px;\n  --wp--preset--font-size--huge:42px;\n}\n\n.has-regular-font-size{\n  font-size:1em;\n}\n\n.has-larger-font-size{\n  font-size:2.625em;\n}\n\n.has-normal-font-size{\n  font-size:var(--wp--preset--font-size--normal);\n}\n\n.has-huge-font-size{\n  font-size:var(--wp--preset--font-size--huge);\n}\n\n.has-text-align-center{\n  text-align:center;\n}\n\n.has-text-align-left{\n  text-align:left;\n}\n\n.has-text-align-right{\n  text-align:right;\n}\n\n.has-fit-text{\n  white-space:nowrap !important;\n}\n\n#end-resizable-editor-section{\n  display:none;\n}\n\n.aligncenter{\n  clear:both;\n}\n\n.items-justified-left{\n  justify-content:flex-start;\n}\n\n.items-justified-center{\n  justify-content:center;\n}\n\n.items-justified-right{\n  justify-content:flex-end;\n}\n\n.items-justified-space-between{\n  justify-content:space-between;\n}\n\n.screen-reader-text{\n  border:0;\n  clip-path:inset(50%);\n  height:1px;\n  margin:-1px;\n  overflow:hidden;\n  padding:0;\n  position:absolute;\n  width:1px;\n  word-wrap:normal !important;\n}\n\n.screen-reader-text:focus{\n  background-color:#ddd;\n  clip-path:none;\n  color:#444;\n  display:block;\n  font-size:1em;\n  height:auto;\n  left:5px;\n  line-height:normal;\n  padding:15px 23px 14px;\n  text-decoration:none;\n  top:5px;\n  width:auto;\n  z-index:100000;\n}\nhtml :where(.has-border-color){\n  border-style:solid;\n}\n\nhtml :where([style*=border-top-color]){\n  border-top-style:solid;\n}\n\nhtml :where([style*=border-right-color]){\n  border-right-style:solid;\n}\n\nhtml :where([style*=border-bottom-color]){\n  border-bottom-style:solid;\n}\n\nhtml :where([style*=border-left-color]){\n  border-left-style:solid;\n}\n\nhtml :where([style*=border-width]){\n  border-style:solid;\n}\n\nhtml :where([style*=border-top-width]){\n  border-top-style:solid;\n}\n\nhtml :where([style*=border-right-width]){\n  border-right-style:solid;\n}\n\nhtml :where([style*=border-bottom-width]){\n  border-bottom-style:solid;\n}\n\nhtml :where([style*=border-left-width]){\n  border-left-style:solid;\n}\nhtml :where(img[class*=wp-image-]){\n  height:auto;\n  max-width:100%;\n}\n:where(figure){\n  margin:0 0 1em;\n}\n\nhtml :where(.is-position-sticky){\n  --wp-admin--admin-bar--position-offset:var(--wp-admin--admin-bar--height, 0px);\n}\n\n@media screen and (max-width:600px){\n  html :where(.is-position-sticky){\n    --wp-admin--admin-bar--position-offset:0px;\n  }\n}\n\n/*# sourceURL=wp-block-library-inline-css */\n</style>\n<style id='classic-theme-styles-inline-css' type='text/css'>\n/**\n * These rules are needed for backwards compatibility.\n * They should match the button element rules in the base theme.json file.\n */\n.wp-block-button__link {\n\tcolor: #ffffff;\n\tbackground-color: #32373c;\n\tborder-radius: 9999px; /* 100% causes an oval, but any explicit but really high value retains the pill shape. */\n\n\t/* This needs a low specificity so it won't override the rules from the button element if defined in theme.json. */\n\tbox-shadow: none;\n\ttext-decoration: none;\n\n\t/* The extra 2px are added to size solids the same as the outline versions.*/\n\tpadding: calc(0.667em + 2px) calc(1.333em + 2px);\n\n\tfont-size: 1.125em;\n}\n\n.wp-block-file__button {\n\tbackground: #32373c;\n\tcolor: #ffffff;\n\ttext-decoration: none;\n}\n\n/*# sourceURL=/wp-includes/css/classic-themes.css */\n</style>\n<style id='global-styles-inline-css' type='text/css'>\n:root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--color--dark-gray: #3a3d41;--wp--preset--color--medium-gray: #757575;--wp--preset--color--light-gray: #eeeeee;--wp--preset--color--blue: #0088cc;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgb(6,147,227) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgb(252,185,0) 0%,rgb(255,105,0) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgb(255,105,0) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 16px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 24px;--wp--preset--font-size--x-large: 42px;--wp--preset--font-size--extra-small: 16px;--wp--preset--font-size--normal: 18px;--wp--preset--font-size--huge: 30px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgb(255, 255, 255), 6px 6px rgb(0, 0, 0);--wp--preset--shadow--crisp: 6px 6px 0px rgb(0, 0, 0);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;}\n/*# sourceURL=global-styles-inline-css */\n</style>\n\n<link rel='stylesheet' id='ppv-public-css' href='https://www.chipetawater.org/wp-content/plugins/document-emberdder/build/public.css?ver=2.0.3' type='text/css' media='all' />\n<link rel='stylesheet' id='catcheverest-style-css' href='https://www.chipetawater.org/wp-content/themes/catch-everest/style.css?ver=20260108-183445' type='text/css' media='all' />\n<link rel='stylesheet' id='catcheverest-block-style-css' href='https://www.chipetawater.org/wp-content/themes/catch-everest/css/blocks.css?ver=1.0' type='text/css' media='all' />\n<link rel='stylesheet' id='genericons-css' href='https://www.chipetawater.org/wp-content/themes/catch-everest/genericons/genericons.css?ver=3.4.1' type='text/css' media='all' />\n<link rel='stylesheet' id='catcheverest-responsive-css' href='https://www.chipetawater.org/wp-content/themes/catch-everest/css/responsive.css?ver=3.7.1' type='text/css' media='all' />\n<script type=\"text/javascript\" src=\"https://www.chipetawater.org/wp-content/plugins/document-emberdder/build/public.js?ver=2.0.3\" id=\"ppv-public-js\"></script>\n<script type=\"text/javascript\" src=\"https://www.chipetawater.org/wp-includes/js/jquery/jquery.js?ver=3.7.1\" id=\"jquery-core-js\"></script>\n<script type=\"text/javascript\" src=\"https://www.chipetawater.org/wp-includes/js/jquery/jquery-migrate.js?ver=3.4.1\" id=\"jquery-migrate-js\"></script>\n<link rel=\"https://api.w.org/\" href=\"https://www.chipetawater.org/wp-json/\" /><link rel=\"EditURI\" type=\"application/rsd+xml\" title=\"RSD\" href=\"https://www.chipetawater.org/xmlrpc.php?rsd\" />\n<meta name=\"generator\" content=\"WordPress 6.9.4\" />\n<!-- refreshing cache --><style type=\"text/css\">.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style>\t<style type=\"text/css\">\n\t\t\t#hgroup.with-logo { padding: 0; }\n\t\t#site-title,\n\t\t#site-description {\n\t\t\tposition: absolute !important;\n\t\t\tclip: rect(1px 1px 1px 1px); /* IE6, IE7 */\n\t\t\tclip: rect(1px, 1px, 1px, 1px);\n\t\t}\n\t\t</style>\n\t<link rel=\"icon\" href=\"https://www.chipetawater.org/wp-content/uploads/2020/10/cropped-chipeta_siteicon-32x32.jpg\" sizes=\"32x32\" />\n<link rel=\"icon\" href=\"https://www.chipetawater.org/wp-content/uploads/2020/10/cropped-chipeta_siteicon-192x192.jpg\" sizes=\"192x192\" />\n<link rel=\"apple-touch-icon\" href=\"https://www.chipetawater.org/wp-content/uploads/2020/10/cropped-chipeta_siteicon-180x180.jpg\" />\n<meta name=\"msapplication-TileImage\" content=\"https://www.chipetawater.org/wp-content/uploads/2020/10/cropped-chipeta_siteicon-270x270.jpg\" />\n\t\t<style type=\"text/css\" id=\"wp-custom-css\">\n\t\t\t#header-left { float: none; }\n\n\n\n#site-logo {   \n\t\n\tdisplay: block;\n  margin-left: 60%;\n  margin-right: auto;\n  width: 100%;\n\n}\n\n\n\n#site-logo a { display: inline-block; }\n#site-logo, hgroup.with-logo { padding-top: 0;  }\n\n.home .entry-title {\ndisplay: none;\n}\n\n.page .entry-title {\ndisplay: none;\n}\n\nfooter .powered {\n   display: none;\n}\n\n#hgroup-wrap {padding-bottom: 0px;}\n\n\n#header-menu { \n\n\t\tmargin-top:-70px\n\n}\t\t</style>\n\t\t<style id='core-block-supports-inline-css' type='text/css'>\n/**\n * Core styles: block-supports\n */\n\n/*# sourceURL=core-block-supports-inline-css */\n</style>\n\n</head>\n\n<body class=\"error404 wp-custom-logo wp-embed-responsive wp-theme-catch-everest no-sidebar-full-width\">\n\n\n\n<div id=\"page\" class=\"hfeed site\">\n\n\t\t<a class=\"skip-link screen-reader-text\" href=\"#content\">Skip to content</a>\n\n\t<header id=\"masthead\" role=\"banner\">\n\n    \t\n    \t<div id=\"hgroup-wrap\" class=\"container\">\n\n       \t\t\n        <div id=\"header-left\">\n                            \t<div id=\"site-logo\"><a href=\"https://www.chipetawater.org/\" class=\"custom-logo-link\" rel=\"home\"><img width=\"480\" height=\"270\" src=\"https://www.chipetawater.org/wp-content/uploads/2015/10/cropped-Chipeta-Logo.png\" class=\"custom-logo\" alt=\"Chipeta Water District\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https://www.chipetawater.org/wp-content/uploads/2015/10/cropped-Chipeta-Logo.png 480w, https://www.chipetawater.org/wp-content/uploads/2015/10/cropped-Chipeta-Logo-300x169.png 300w\" sizes=\"(max-width: 480px) 100vw, 480px\" /></a></div>\n                \t<div id=\"hgroup\" class=\"with-logo\">\n                \n\t\t\t\t\t\t\t\t\t<p id=\"site-title\"><a href=\"https://www.chipetawater.org/\" rel=\"home\">Chipeta Water District</a></p>\n\t\t\t\t\n            </div><!-- #hgroup -->\n        </div><!-- #header-left -->\n\n\n        </div><!-- #hgroup-wrap -->\n\n        \t<div id=\"primary-menu-wrapper\" class=\"menu-wrapper\">\n        <div class=\"menu-toggle-wrapper\">\n            <button id=\"menu-toggle\" class=\"menu-toggle\" aria-controls=\"main-menu\" aria-expanded=\"false\"><span class=\"menu-label\">Menu</span></button>\n        </div><!-- .menu-toggle-wrapper -->\n\n        <div class=\"menu-inside-wrapper\">\n            <nav id=\"site-navigation\" class=\"main-navigation\" role=\"navigation\" aria-label=\"Primary Menu\">\n            <ul id=\"primary-menu\" class=\"menu nav-menu\"><li id=\"menu-item-36\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-home menu-item-36\"><a href=\"https://www.chipetawater.org/\">Home</a></li>\n<li id=\"menu-item-37\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children menu-item-37\"><a href=\"https://www.chipetawater.org/about-us/\">About Us</a>\n<ul class=\"sub-menu\">\n\t<li id=\"menu-item-40\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-40\"><a href=\"https://www.chipetawater.org/general-information/\">General Information</a></li>\n\t<li id=\"menu-item-39\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-39\"><a href=\"https://www.chipetawater.org/about-us/contact-us/\">Contact Us</a></li>\n\t<li id=\"menu-item-43\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-43\"><a href=\"https://www.chipetawater.org/project7/\">Project 7 Water Authority</a></li>\n\t<li id=\"menu-item-141\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-141\"><a href=\"https://www.chipetawater.org/project-7-water-supply-resiliency-program/\">Project 7 Water Supply Resiliency Program</a></li>\n\t<li id=\"menu-item-194\" class=\"menu-item menu-item-type-custom menu-item-object-custom menu-item-194\"><a href=\"https://www.project7water.org/faq.html\">Project 7 FAQ</a></li>\n</ul>\n</li>\n<li id=\"menu-item-547\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-547\"><a href=\"https://www.chipetawater.org/2026budget/\">2026 Budget</a></li>\n<li id=\"menu-item-44\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-44\"><a href=\"https://www.chipetawater.org/general-information/transparency-notice/\">Transparency Notice</a></li>\n<li id=\"menu-item-574\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-574\"><a href=\"https://www.chipetawater.org/lead-copper-results/\">Lead/Copper Sampling Results</a></li>\n<li id=\"menu-item-38\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-38\"><a href=\"https://www.chipetawater.org/ccr/\">Consumer Confidence Report</a></li>\n<li id=\"menu-item-184\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-184\"><a href=\"https://www.chipetawater.org/detailed-water-quality-report/\">Water Quality Report</a></li>\n<li id=\"menu-item-42\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-42\"><a href=\"https://www.chipetawater.org/pay-bill/\">Pay My Bill</a></li>\n<li class=\"default-menu\"><a href=\"https://www.chipetawater.org/\" title=\"Menu\">Menu</a></li></ul>            </nav><!-- .main-navigation -->\n    \t</div>\n    </div>\n\n\t</header><!-- #masthead .site-header -->\n\n\t\n\t\n\n    <div id=\"main\" class=\"container\">\n\n\t\t\n\t<div id=\"primary\" class=\"content-area\">\n\t\t<div id=\"content\" class=\"site-content\" role=\"main\">\n\n\t\t\t<article id=\"post-0\" class=\"post error404 not-found\">\n            \t<div class=\"entry-container\">\n                    <header class=\"entry-header\">\n                        <h1 class=\"entry-title\">Oops! That page can&rsquo;t be found.</h1>\n                    </header><!-- .entry-header -->\n\n\t\t\t\t\t<div class=\"entry-content\">\n\t\t\t\t\t\t<p>It looks like nothing was found at this location. Maybe try one of the links below or a search?</p>\n\n\t\t\t\t\t\t\t<form method=\"get\" class=\"searchform\" action=\"https://www.chipetawater.org/\" role=\"search\">\n\t\t<label for=\"s\" class=\"screen-reader-text\">Search</label>\n\t\t<input type=\"text\" class=\"field\" name=\"s\" value=\"\" id=\"s\" placeholder=\"Search …\" />\n\t\t<input type=\"submit\" class=\"submit\" name=\"submit\" id=\"searchsubmit\" value=\"Search\" />\n\t</form>\n\n\t\t\t\t\t\t\n\t\t<div class=\"widget widget_recent_entries\">\n\t\t<h2 class=\"widgettitle\">Recent Posts</h2>\n\t\t<ul>\n\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t<a href=\"https://www.chipetawater.org/hello-world/\">Hello world!</a>\n\t\t\t\t\t\t\t\t\t</li>\n\t\t\t\t\t</ul>\n\n\t\t</div>\n                        <div class=\"widget\">\n                            <h2 class=\"widget-title\">Most Used Categories</h2>\n                            <ul>\n                            \t<li class=\"cat-item cat-item-1\"><a href=\"https://www.chipetawater.org/category/uncategorized/\">Uncategorized</a> (1)\n</li>\n                            </ul>\n                        </div><!-- .widget -->\n\n\t\t\t\t\t\t<div class=\"widget widget_archive\"><h2 class=\"widgettitle\">Archives</h2><p>Try looking in the monthly archives. 🙂</p>\t\t<label class=\"screen-reader-text\" for=\"archives-dropdown--1\">Archives</label>\n\t\t<select id=\"archives-dropdown--1\" name=\"archive-dropdown\">\n\t\t\t\n\t\t\t<option value=\"\">Select Month</option>\n\t\t\t\t<option value='https://www.chipetawater.org/2015/10/'> October 2015 </option>\n\n\t\t</select>\n\n\t\t\t<script type=\"text/javascript\">\n/* <![CDATA[ */\n\n( ( dropdownId ) => {\n\tconst dropdown = document.getElementById( dropdownId );\n\tfunction onSelectChange() {\n\t\tsetTimeout( () => {\n\t\t\tif ( 'escape' === dropdown.dataset.lastkey ) {\n\t\t\t\treturn;\n\t\t\t}\n\t\t\tif ( dropdown.value ) {\n\t\t\t\tdocument.location.href = dropdown.value;\n\t\t\t}\n\t\t}, 250 );\n\t}\n\tfunction onKeyUp( event ) {\n\t\tif ( 'Escape' === event.key ) {\n\t\t\tdropdown.dataset.lastkey = 'escape';\n\t\t} else {\n\t\t\tdelete dropdown.dataset.lastkey;\n\t\t}\n\t}\n\tfunction onClick() {\n\t\tdelete dropdown.dataset.lastkey;\n\t}\n\tdropdown.addEventListener( 'keyup', onKeyUp );\n\tdropdown.addEventListener( 'click', onClick );\n\tdropdown.addEventListener( 'change', onSelectChange );\n})( \"archives-dropdown--1\" );\n\n//# sourceURL=WP_Widget_Archives%3A%3Awidget\n/* ]]> */\n</script>\n</div>\n\t\t\t\t\t\t\n\t\t\t\t\t</div><!-- .entry-content -->\n             \t</div><!-- .entry-container -->       \n\t\t\t</article><!-- #post-0 .post .error404 .not-found -->\n\n\t\t</div><!-- #content .site-content -->\n\t</div><!-- #primary .content-area -->\n\n\n\t</div><!-- #main .site-main -->\n    \n\t \n    \n\t<footer id=\"colophon\" role=\"contentinfo\">\n\t\t\n<div id=\"footer-sidebar\" class=\"container\">\n    <div id=\"supplementary\" class=\"three\">\n                <div id=\"first\" class=\"widget-area\" role=\"complementary\">\n                    </div><!-- #first .widget-area -->\n            \n                <div id=\"second\" class=\"widget-area\" role=\"complementary\">\n                    </div><!-- #second .widget-area -->\n            \n                <div id=\"third\" class=\"widget-area\" role=\"complementary\">\n                    </div><!-- #third .widget-area -->\n            </div><!-- #supplementary -->\n</div><!-- #footer-sidebar -->   \n           \n        <div id=\"site-generator\" class=\"container\">\n\t\t\t  \n                    \n        \t<div class=\"site-info\">\n            \t<div class=\"copyright\">Copyright &copy; 2026 <a href=\"https://www.chipetawater.org/\" title=\"Chipeta Water District\" ><span>Chipeta Water District</span></a> All Rights Reserved.   </div><div class=\"powered\"><span class=\"theme-name\">Catch Everest Theme by </span><span class=\"theme-author\"><a href=\"https://catchthemes.com/\" target=\"_blank\" title=\"Catch Themes\">Catch Themes</a></span></div> \n          \t</div><!-- .site-info -->\n            \n\t\t\t              \n       \t</div><!-- #site-generator --> \n        \n          \n               \n\t</footer><!-- #colophon .site-footer -->\n    \n    <a href=\"#masthead\" id=\"scrollup\"></a> \n    \n</div><!-- #page .hfeed .site -->\n\n<script type=\"speculationrules\">\n{\"prefetch\":[{\"source\":\"document\",\"where\":{\"and\":[{\"href_matches\":\"/*\"},{\"not\":{\"href_matches\":[\"/wp-*.php\",\"/wp-admin/*\",\"/wp-content/uploads/*\",\"/wp-content/*\",\"/wp-content/plugins/*\",\"/wp-content/themes/catch-everest/*\",\"/*\\\\?(.+)\"]}},{\"not\":{\"selector_matches\":\"a[rel~=\\\"nofollow\\\"]\"}},{\"not\":{\"selector_matches\":\".no-prefetch, .no-prefetch a\"}}]},\"eagerness\":\"conservative\"}]}\n</script>\n<!-- refreshing cache --><script type=\"text/javascript\" id=\"catcheverest-menu-js-extra\">\n/* <![CDATA[ */\nvar catchEverestOptions = {\"screenReaderText\":{\"expand\":\"expand child menu\",\"collapse\":\"collapse child menu\"}};\n//# sourceURL=catcheverest-menu-js-extra\n/* ]]> */\n</script>\n<script type=\"text/javascript\" src=\"https://www.chipetawater.org/wp-content/themes/catch-everest/js/catcheverest-menu.min.js?ver=3.7.1\" id=\"catcheverest-menu-js\"></script>\n<script type=\"text/javascript\" src=\"https://www.chipetawater.org/wp-content/themes/catch-everest/js/navigation.min.js?ver=20150601\" id=\"catcheverest-navigation-js\"></script>\n<script type=\"text/javascript\" src=\"https://www.chipetawater.org/wp-content/themes/catch-everest/js/catcheverest-scrollup.min.js?ver=20072014\" id=\"catcheverest-scrollup-js\"></script>\n<script id=\"wp-emoji-settings\" type=\"application/json\">\n{\"baseUrl\":\"https://s.w.org/images/core/emoji/17.0.2/72x72/\",\"ext\":\".png\",\"svgUrl\":\"https://s.w.org/images/core/emoji/17.0.2/svg/\",\"svgExt\":\".svg\",\"source\":{\"wpemoji\":\"https://www.chipetawater.org/wp-includes/js/wp-emoji.js?ver=6.9.4\",\"twemoji\":\"https://www.chipetawater.org/wp-includes/js/twemoji.js?ver=6.9.4\"}}\n</script>\n<script type=\"module\">\n/* <![CDATA[ */\n/**\n * @output wp-includes/js/wp-emoji-loader.js\n */\n\n/* eslint-env es6 */\n\n// Note: This is loaded as a script module, so there is no need for an IIFE to prevent pollution of the global scope.\n\n/**\n * Emoji Settings as exported in PHP via _print_emoji_detection_script().\n * @typedef WPEmojiSettings\n * @type {object}\n * @property {?object} source\n * @property {?string} source.concatemoji\n * @property {?string} source.twemoji\n * @property {?string} source.wpemoji\n */\n\nconst settings = /** @type {WPEmojiSettings} */ (\n\tJSON.parse( document.getElementById( 'wp-emoji-settings' ).textContent )\n);\n\n// For compatibility with other scripts that read from this global, in particular wp-includes/js/wp-emoji.js (source file: js/_enqueues/wp/emoji.js).\nwindow._wpemojiSettings = settings;\n\n/**\n * Support tests.\n * @typedef SupportTests\n * @type {object}\n * @property {?boolean} flag\n * @property {?boolean} emoji\n */\n\nconst sessionStorageKey = 'wpEmojiSettingsSupports';\nconst tests = [ 'flag', 'emoji' ];\n\n/**\n * Checks whether the browser supports offloading to a Worker.\n *\n * @since 6.3.0\n *\n * @private\n *\n * @returns {boolean}\n */\nfunction supportsWorkerOffloading() {\n\treturn (\n\t\ttypeof Worker !== 'undefined' &&\n\t\ttypeof OffscreenCanvas !== 'undefined' &&\n\t\ttypeof URL !== 'undefined' &&\n\t\tURL.createObjectURL &&\n\t\ttypeof Blob !== 'undefined'\n\t);\n}\n\n/**\n * @typedef SessionSupportTests\n * @type {object}\n * @property {number} timestamp\n * @property {SupportTests} supportTests\n */\n\n/**\n * Get support tests from session.\n *\n * @since 6.3.0\n *\n * @private\n *\n * @returns {?SupportTests} Support tests, or null if not set or older than 1 week.\n */\nfunction getSessionSupportTests() {\n\ttry {\n\t\t/** @type {SessionSupportTests} */\n\t\tconst item = JSON.parse(\n\t\t\tsessionStorage.getItem( sessionStorageKey )\n\t\t);\n\t\tif (\n\t\t\ttypeof item === 'object' &&\n\t\t\ttypeof item.timestamp === 'number' &&\n\t\t\tnew Date().valueOf() < item.timestamp + 604800 && // Note: Number is a week in seconds.\n\t\t\ttypeof item.supportTests === 'object'\n\t\t) {\n\t\t\treturn item.supportTests;\n\t\t}\n\t} catch ( e ) {}\n\treturn null;\n}\n\n/**\n * Persist the supports in session storage.\n *\n * @since 6.3.0\n *\n * @private\n *\n * @param {SupportTests} supportTests Support tests.\n */\nfunction setSessionSupportTests( supportTests ) {\n\ttry {\n\t\t/** @type {SessionSupportTests} */\n\t\tconst item = {\n\t\t\tsupportTests: supportTests,\n\t\t\ttimestamp: new Date().valueOf()\n\t\t};\n\n\t\tsessionStorage.setItem(\n\t\t\tsessionStorageKey,\n\t\t\tJSON.stringify( item )\n\t\t);\n\t} catch ( e ) {}\n}\n\n/**\n * Checks if two sets of Emoji characters render the same visually.\n *\n * This is used to determine if the browser is rendering an emoji with multiple data points\n * correctly. set1 is the emoji in the correct form, using a zero-width joiner. set2 is the emoji\n * in the incorrect form, using a zero-width space. If the two sets render the same, then the browser\n * does not support the emoji correctly.\n *\n * This function may be serialized to run in a Worker. Therefore, it cannot refer to variables from the containing\n * scope. Everything must be passed by parameters.\n *\n * @since 4.9.0\n *\n * @private\n *\n * @param {CanvasRenderingContext2D} context 2D Context.\n * @param {string} set1 Set of Emoji to test.\n * @param {string} set2 Set of Emoji to test.\n *\n * @return {boolean} True if the two sets render the same.\n */\nfunction emojiSetsRenderIdentically( context, set1, set2 ) {\n\t// Cleanup from previous test.\n\tcontext.clearRect( 0, 0, context.canvas.width, context.canvas.height );\n\tcontext.fillText( set1, 0, 0 );\n\tconst rendered1 = new Uint32Array(\n\t\tcontext.getImageData(\n\t\t\t0,\n\t\t\t0,\n\t\t\tcontext.canvas.width,\n\t\t\tcontext.canvas.height\n\t\t).data\n\t);\n\n\t// Cleanup from previous test.\n\tcontext.clearRect( 0, 0, context.canvas.width, context.canvas.height );\n\tcontext.fillText( set2, 0, 0 );\n\tconst rendered2 = new Uint32Array(\n\t\tcontext.getImageData(\n\t\t\t0,\n\t\t\t0,\n\t\t\tcontext.canvas.width,\n\t\t\tcontext.canvas.height\n\t\t).data\n\t);\n\n\treturn rendered1.every( ( rendered2Data, index ) => {\n\t\treturn rendered2Data === rendered2[ index ];\n\t} );\n}\n\n/**\n * Checks if the center point of a single emoji is empty.\n *\n * This is used to determine if the browser is rendering an emoji with a single data point\n * correctly. The center point of an incorrectly rendered emoji will be empty. A correctly\n * rendered emoji will have a non-zero value at the center point.\n *\n * This function may be serialized to run in a Worker. Therefore, it cannot refer to variables from the containing\n * scope. Everything must be passed by parameters.\n *\n * @since 6.8.2\n *\n * @private\n *\n * @param {CanvasRenderingContext2D} context 2D Context.\n * @param {string} emoji Emoji to test.\n *\n * @return {boolean} True if the center point is empty.\n */\nfunction emojiRendersEmptyCenterPoint( context, emoji ) {\n\t// Cleanup from previous test.\n\tcontext.clearRect( 0, 0, context.canvas.width, context.canvas.height );\n\tcontext.fillText( emoji, 0, 0 );\n\n\t// Test if the center point (16, 16) is empty (0,0,0,0).\n\tconst centerPoint = context.getImageData(16, 16, 1, 1);\n\tfor ( let i = 0; i < centerPoint.data.length; i++ ) {\n\t\tif ( centerPoint.data[ i ] !== 0 ) {\n\t\t\t// Stop checking the moment it's known not to be empty.\n\t\t\treturn false;\n\t\t}\n\t}\n\n\treturn true;\n}\n\n/**\n * Determines if the browser properly renders Emoji that Twemoji can supplement.\n *\n * This function may be serialized to run in a Worker. Therefore, it cannot refer to variables from the containing\n * scope. Everything must be passed by parameters.\n *\n * @since 4.2.0\n *\n * @private\n *\n * @param {CanvasRenderingContext2D} context 2D Context.\n * @param {string} type Whether to test for support of \"flag\" or \"emoji\".\n * @param {Function} emojiSetsRenderIdentically Reference to emojiSetsRenderIdentically function, needed due to minification.\n * @param {Function} emojiRendersEmptyCenterPoint Reference to emojiRendersEmptyCenterPoint function, needed due to minification.\n *\n * @return {boolean} True if the browser can render emoji, false if it cannot.\n */\nfunction browserSupportsEmoji( context, type, emojiSetsRenderIdentically, emojiRendersEmptyCenterPoint ) {\n\tlet isIdentical;\n\n\tswitch ( type ) {\n\t\tcase 'flag':\n\t\t\t/*\n\t\t\t * Test for Transgender flag compatibility. Added in Unicode 13.\n\t\t\t *\n\t\t\t * To test for support, we try to render it, and compare the rendering to how it would look if\n\t\t\t * the browser doesn't render it correctly (white flag emoji + transgender symbol).\n\t\t\t */\n\t\t\tisIdentical = emojiSetsRenderIdentically(\n\t\t\t\tcontext,\n\t\t\t\t'\\uD83C\\uDFF3\\uFE0F\\u200D\\u26A7\\uFE0F', // as a zero-width joiner sequence\n\t\t\t\t'\\uD83C\\uDFF3\\uFE0F\\u200B\\u26A7\\uFE0F' // separated by a zero-width space\n\t\t\t);\n\n\t\t\tif ( isIdentical ) {\n\t\t\t\treturn false;\n\t\t\t}\n\n\t\t\t/*\n\t\t\t * Test for Sark flag compatibility. This is the least supported of the letter locale flags,\n\t\t\t * so gives us an easy test for full support.\n\t\t\t *\n\t\t\t * To test for support, we try to render it, and compare the rendering to how it would look if\n\t\t\t * the browser doesn't render it correctly ([C] + [Q]).\n\t\t\t */\n\t\t\tisIdentical = emojiSetsRenderIdentically(\n\t\t\t\tcontext,\n\t\t\t\t'\\uD83C\\uDDE8\\uD83C\\uDDF6', // as the sequence of two code points\n\t\t\t\t'\\uD83C\\uDDE8\\u200B\\uD83C\\uDDF6' // as the two code points separated by a zero-width space\n\t\t\t);\n\n\t\t\tif ( isIdentical ) {\n\t\t\t\treturn false;\n\t\t\t}\n\n\t\t\t/*\n\t\t\t * Test for English flag compatibility. England is a country in the United Kingdom, it\n\t\t\t * does not have a two letter locale code but rather a five letter sub-division code.\n\t\t\t *\n\t\t\t * To test for support, we try to render it, and compare the rendering to how it would look if\n\t\t\t * the browser doesn't render it correctly (black flag emoji + [G] + [B] + [E] + [N] + [G]).\n\t\t\t */\n\t\t\tisIdentical = emojiSetsRenderIdentically(\n\t\t\t\tcontext,\n\t\t\t\t// as the flag sequence\n\t\t\t\t'\\uD83C\\uDFF4\\uDB40\\uDC67\\uDB40\\uDC62\\uDB40\\uDC65\\uDB40\\uDC6E\\uDB40\\uDC67\\uDB40\\uDC7F',\n\t\t\t\t// with each code point separated by a zero-width space\n\t\t\t\t'\\uD83C\\uDFF4\\u200B\\uDB40\\uDC67\\u200B\\uDB40\\uDC62\\u200B\\uDB40\\uDC65\\u200B\\uDB40\\uDC6E\\u200B\\uDB40\\uDC67\\u200B\\uDB40\\uDC7F'\n\t\t\t);\n\n\t\t\treturn ! isIdentical;\n\t\tcase 'emoji':\n\t\t\t/*\n\t\t\t * Is there a large, hairy, humanoid mythical creature living in the browser?\n\t\t\t *\n\t\t\t * To test for Emoji 17.0 support, try to render a new emoji: Hairy Creature.\n\t\t\t *\n\t\t\t * The hairy creature emoji is a single code point emoji. Testing for browser\n\t\t\t * support required testing the center point of the emoji to see if it is empty.\n\t\t\t *\n\t\t\t * 0xD83E 0x1FAC8 (\\uD83E\\u1FAC8) == 🫈 Hairy creature.\n\t\t\t *\n\t\t\t * When updating this test, please ensure that the emoji is either a single code point\n\t\t\t * or switch to using the emojiSetsRenderIdentically function and testing with a zero-width\n\t\t\t * joiner vs a zero-width space.\n\t\t\t */\n\t\t\tconst notSupported = emojiRendersEmptyCenterPoint( context, '\\uD83E\\u1FAC8' );\n\t\t\treturn ! notSupported;\n\t}\n\n\treturn false;\n}\n\n/**\n * Checks emoji support tests.\n *\n * This function may be serialized to run in a Worker. Therefore, it cannot refer to variables from the containing\n * scope. Everything must be passed by parameters.\n *\n * @since 6.3.0\n *\n * @private\n *\n * @param {string[]} tests Tests.\n * @param {Function} browserSupportsEmoji Reference to browserSupportsEmoji function, needed due to minification.\n * @param {Function} emojiSetsRenderIdentically Reference to emojiSetsRenderIdentically function, needed due to minification.\n * @param {Function} emojiRendersEmptyCenterPoint Reference to emojiRendersEmptyCenterPoint function, needed due to minification.\n *\n * @return {SupportTests} Support tests.\n */\nfunction testEmojiSupports( tests, browserSupportsEmoji, emojiSetsRenderIdentically, emojiRendersEmptyCenterPoint ) {\n\tlet canvas;\n\tif (\n\t\ttypeof WorkerGlobalScope !== 'undefined' &&\n\t\tself instanceof WorkerGlobalScope\n\t) {\n\t\tcanvas = new OffscreenCanvas( 300, 150 ); // Dimensions are default for HTMLCanvasElement.\n\t} else {\n\t\tcanvas = document.createElement( 'canvas' );\n\t}\n\n\tconst context = canvas.getContext( '2d', { willReadFrequently: true } );\n\n\t/*\n\t * Chrome on OS X added native emoji rendering in M41. Unfortunately,\n\t * it doesn't work when the font is bolder than 500 weight. So, we\n\t * check for bold rendering support to avoid invisible emoji in Chrome.\n\t */\n\tcontext.textBaseline = 'top';\n\tcontext.font = '600 32px Arial';\n\n\tconst supports = {};\n\ttests.forEach( ( test ) => {\n\t\tsupports[ test ] = browserSupportsEmoji( context, test, emojiSetsRenderIdentically, emojiRendersEmptyCenterPoint );\n\t} );\n\treturn supports;\n}\n\n/**\n * Adds a script to the head of the document.\n *\n * @ignore\n *\n * @since 4.2.0\n *\n * @param {string} src The url where the script is located.\n *\n * @return {void}\n */\nfunction addScript( src ) {\n\tconst script = document.createElement( 'script' );\n\tscript.src = src;\n\tscript.defer = true;\n\tdocument.head.appendChild( script );\n}\n\nsettings.supports = {\n\teverything: true,\n\teverythingExceptFlag: true\n};\n\n// Obtain the emoji support from the browser, asynchronously when possible.\nnew Promise( ( resolve ) => {\n\tlet supportTests = getSessionSupportTests();\n\tif ( supportTests ) {\n\t\tresolve( supportTests );\n\t\treturn;\n\t}\n\n\tif ( supportsWorkerOffloading() ) {\n\t\ttry {\n\t\t\t// Note that the functions are being passed as arguments due to minification.\n\t\t\tconst workerScript =\n\t\t\t\t'postMessage(' +\n\t\t\t\ttestEmojiSupports.toString() +\n\t\t\t\t'(' +\n\t\t\t\t[\n\t\t\t\t\tJSON.stringify( tests ),\n\t\t\t\t\tbrowserSupportsEmoji.toString(),\n\t\t\t\t\temojiSetsRenderIdentically.toString(),\n\t\t\t\t\temojiRendersEmptyCenterPoint.toString()\n\t\t\t\t].join( ',' ) +\n\t\t\t\t'));';\n\t\t\tconst blob = new Blob( [ workerScript ], {\n\t\t\t\ttype: 'text/javascript'\n\t\t\t} );\n\t\t\tconst worker = new Worker( URL.createObjectURL( blob ), { name: 'wpTestEmojiSupports' } );\n\t\t\tworker.onmessage = ( event ) => {\n\t\t\t\tsupportTests = event.data;\n\t\t\t\tsetSessionSupportTests( supportTests );\n\t\t\t\tworker.terminate();\n\t\t\t\tresolve( supportTests );\n\t\t\t};\n\t\t\treturn;\n\t\t} catch ( e ) {}\n\t}\n\n\tsupportTests = testEmojiSupports( tests, browserSupportsEmoji, emojiSetsRenderIdentically, emojiRendersEmptyCenterPoint );\n\tsetSessionSupportTests( supportTests );\n\tresolve( supportTests );\n} )\n\t// Once the browser emoji support has been obtained from the session, finalize the settings.\n\t.then( ( supportTests ) => {\n\t\t/*\n\t\t * Tests the browser support for flag emojis and other emojis, and adjusts the\n\t\t * support settings accordingly.\n\t\t */\n\t\tfor ( const test in supportTests ) {\n\t\t\tsettings.supports[ test ] = supportTests[ test ];\n\n\t\t\tsettings.supports.everything =\n\t\t\t\tsettings.supports.everything && settings.supports[ test ];\n\n\t\t\tif ( 'flag' !== test ) {\n\t\t\t\tsettings.supports.everythingExceptFlag =\n\t\t\t\t\tsettings.supports.everythingExceptFlag &&\n\t\t\t\t\tsettings.supports[ test ];\n\t\t\t}\n\t\t}\n\n\t\tsettings.supports.everythingExceptFlag =\n\t\t\tsettings.supports.everythingExceptFlag &&\n\t\t\t! settings.supports.flag;\n\n\t\t// When the browser can not render everything we need to load a polyfill.\n\t\tif ( ! settings.supports.everything ) {\n\t\t\tconst src = settings.source || {};\n\n\t\t\tif ( src.concatemoji ) {\n\t\t\t\taddScript( src.concatemoji );\n\t\t\t} else if ( src.wpemoji && src.twemoji ) {\n\t\t\t\taddScript( src.twemoji );\n\t\t\t\taddScript( src.wpemoji );\n\t\t\t}\n\t\t}\n\t} );\n//# sourceURL=https://www.chipetawater.org/wp-includes/js/wp-emoji-loader.js\n/* ]]> */\n</script>\n\n</body>\n</html>\r\n<!--\r\nPerformance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/?utm_source=w3tc&utm_medium=footer_comment&utm_campaign=free_plugin\r\n\r\n\r\nServed from: mta-sts.chipetawater.org @ 2026-04-07 20:59:34 by W3 Total Cache\r\n-->"}

What is it?

TLS-RPT provides reports on TLS connection failures for email transmission, helping identify and fix email delivery issues.

Why is it important?

TLS-RPT gives visibility into email delivery problems, helps identify misconfigurations, and ensures email security is working properly.

What can go wrong if not properly setup?

Without TLS-RPT: you have no visibility into email delivery failures, cannot identify security issues, and may not know when email is being intercepted.

Technical Details

TLS-RPT uses _smtp._tls.domain.com TXT record with "v=TLSRPTv1" and "rua=" email address for reports. Reports are sent in JSON format showing TLS connection failures.

Shared cPanel Hosting Prohibited

Shared cPanel hosting is very strongly discouraged and subject to additional guidelines per Federal Government security guidelines (CISA). Consumer-focused hosting should be avoided at all cost, as they lack proper security. If an attacker gains access to the server through another tenant/domain also hosted on the server, they could compromise your small slice of the server and your domain. This creates a significant security risk where one compromised account on a shared server can lead to compromise of all other accounts on that server.

Why This Matters

Government domains require enterprise-grade hosting with proper isolation between tenants, comprehensive security controls, and compliance with federal security standards. Shared hosting environments, especially those using cPanel/WHM, do not meet these requirements.

What is it?

Scans your website for exposed email addresses and broken links that could pose security or compliance risks.

Why is it important?

Exposed email addresses can be harvested by spammers. Broken links indicate poor maintenance and can impact user experience and compliance.

What can go wrong if not properly setup?

Exposed emails lead to spam, broken links damage credibility, and both indicate poor security practices that can impact compliance.

Technical Details

Email extraction uses regex patterns to find email addresses in HTML. External emails (not from your domain) are flagged. Broken links are detected by checking HTTP status codes (400+).

What is it?

IPv6 is the next-generation Internet Protocol that provides a much larger address space than IPv4. IPv6 support ensures your domain is accessible via both IPv4 and IPv6 addresses.

Why is it important?

IPv6 is becoming increasingly important as IPv4 addresses are exhausted. Government agencies should support IPv6 to ensure accessibility for all users, especially as more networks transition to IPv6-only. It also demonstrates modern infrastructure and future-proofing.

What can go wrong if not properly setup?

Without IPv6 support: your domain may become inaccessible to IPv6-only networks, you may lose users as IPv6 adoption increases, and you fail to meet modern internet standards. IPv6-only networks are becoming more common, especially in government and enterprise environments.

Technical Details

IPv6 support requires: 1) AAAA DNS records for your domain (IPv6 addresses), 2) AAAA records for name servers, 3) IPv6 connectivity for both name servers and web server, 4) Same content served on both IPv4 and IPv6. We check for AAAA records and test connectivity to verify IPv6 is properly configured.

What is it?

Checks if your hosting IP addresses are listed on abuse databases or blacklists, indicating compromised or malicious infrastructure.

Why is it important?

If your IPs are blacklisted: emails will be rejected, websites will be blocked, and your infrastructure may be compromised. Critical for security assessment.

What can go wrong if not properly setup?

If IPs are blacklisted: email delivery fails, websites are blocked by security tools, reputation is damaged, and you may be hosting malicious content.

Technical Details

We check: 1) Web IP against our comprehensive abuse database for abuse reports, 2) Email IP against our blacklist database for Primary Blacklist status, 3) PTR records for proper reverse DNS. Blacklisted IPs indicate compromised infrastructure.

Web IP Reputation Analysis

Blacklist Detections: 0

Detection Rate: 0%

Risk Score: 0/100

Abuse Confidence Score: 0%

Email IP Reputation Analysis

Blacklist Detections: 1

Detection Rate: 1%

Risk Score: 40/100

Email IP Blacklist Check Results

Primary Blacklist Status: Clean

Blacklist Detections: 1

Detection Rate: 1%

Risk Score: 40/100

Abuse Confidence Score: 0/100

Whitelisted: No

What is it?

RPKI is a security framework that verifies the authenticity of BGP route announcements, preventing route hijacking and BGP attacks.

Why is it important?

RPKI prevents attackers from hijacking your IP address space by announcing unauthorized routes. This is critical for infrastructure security. Without RPKI, attackers can redirect traffic intended for your domain to malicious servers, even if DNS and other security measures are in place.

What can go wrong if not properly setup?

Without RPKI: attackers can hijack your IP address space, redirect all traffic to malicious servers, intercept communications, and cause widespread service disruption. Route hijacking is a serious threat to internet infrastructure.

Technical Details

RPKI checks verify: 1) Route Origin Authorization (ROA) records exist for your IP address space, 2) Route announcements are valid according to RPKI. ROA records specify which ASNs are authorized to announce specific IP prefixes. Invalid announcements are rejected by RPKI-validating networks.