Legend: Secure · Gap · Partial · Info · CF Opportunity
At-a-Glance — Who Runs What
API ALREADY ON CLOUDFLARE (via cct-pubweb.com)
DNS: GoDaddy (2 NS · No DNSSEC · ~15+ years)
CDN: AWS CloudFront (www only · F5 BigIP on apex)
WAF: AWS WAF (Basic rules · S3 error page)
Bot Management: None (No bot protection in place)
API Security: Cloudflare (api.claytonhomes.com on CF)
Network DDoS: ISP-only, Charter & AT&T (768 IPs · No scrubbing)
Email Security: Proofpoint (DMARC reject · SPF ~all)
Identity / SSO: Okta (Active tenant confirmed)
Firewall / SD-WAN: Cisco (FMC + Meraki + Intersight)
AI Platform: Anthropic (Claude) (Domain-verified via TXT)
Load Balancer: F5 BigIP (Apex redirect · On-prem legacy)
Cloud / Platform: AWS + GCP (API Gateway · React SPA)
Core Infrastructure
GoDaddy Managed DNS
Nameservers
2 GoDaddy NS: ns71.domaincontrol.com, ns72.domaincontrol.com
CAA Records
None Published
Wildcard
Yes → 11.9.0.1 (catch-all)
Est. Activation
~2005–2010 Medium
CF Opportunity: 1-click DNSSEC, CAA mgmt, native IPv6, DNS analytics, sub-10ms global resolution
AWS CloudFront CDN
Category
Content Delivery Network
Coverage
www, images, careers, staging (via claytonbuilthomes.com CNAME)
Caching
Active (x-cache: Hit from cloudfront)
Gaps
Apex (F5 BigIP), blog (ELB), smtp/pop — NO CDN
Double-Hop
API: CF → CloudFront → origin (extra latency)
Header Leaks
x-amz-cf-pop, x-amzn-trace-id, x-amz-apigw-id exposed
Est. Activation
~2018–2020 Medium
CF Opportunity: Unified CDN across ALL subdomains + sister domains, eliminate double-hop, header stripping
AWS WAF Web Application Firewall
Category
Web Application Firewall
XSS Test
Blocked — HTTP 403
SQLi Test
Blocked — HTTP 403
Error Page
Static S3 page — reveals AWS WAF vendor
Coverage
www only — apex, blog, smtp unprotected
Rate Limiting
None detected
Est. Activation
~2020–2022 Medium
CF Opportunity: Managed WAF rulesets, custom error pages, ALL-domain coverage, rate limiting
None Detected Bot Management
Status
No bot mgmt visible
JS Challenge
None observed
Risk
Home search scraping, lead-gen bot abuse, competitor intelligence
Note
No CAPTCHA, no JS challenge, no bot score headers on any subdomain
CF Opportunity: Cloudflare Bot Mgmt — homebuilder-specific protection for search & lead forms
Cloudflare API Security (api.claytonhomes.com)
Category
API Security / CDN
CF-Ray
Confirmed (server: cloudflare)
CSP
frame-ancestors 'none'
Double-Hop
CF → CloudFront → origin (unnecessary)
Platform
Via cct-pubweb.com (Clayton's web platform)
CF Opportunity: Expand from API-only to full stack. Remove CloudFront double-hop. Add API Shield.
Cloud, Hosting & Network
Amazon AWS Primary Cloud
Category
Cloud Hosting (Primary)
Services
CloudFront CDN, API Gateway, ELB, S3
Subdomains
www, api, blog, media, images, careers, staging
API Gateway
x-amzn-requestid, x-amz-apigw-id exposed
Blog/Media
prod-claytonhomes-external-alb (us-east-1)
Est. Activation
~2018–2020 High
CF Opportunity: Cloudflare in front of AWS — header stripping, caching, WAF for all subdomains
F5 BigIP Legacy Load Balancer
Category
On-Prem Load Balancer
Location
Apex (claytonhomes.com) → 216.77.95.79
Function
301 redirect to www.claytonhomes.com
Header
Server: BigIP exposed
Protection
No CDN, no WAF, no DDoS on apex
Est. Activation
Pre-2010 High
CF Opportunity: Replace F5 redirect with Cloudflare Page Rule — eliminate SPOF hardware
Clayton Homes On-Prem (AS395227)
Category
Self-Managed Network
ASN
AS395227 (CMH Services Inc.)
IP Blocks
216.77.95.0/24, 71.86.252.0/24, 12.187.19.0/24 (768 total IPs)
Transit
Charter/Spectrum (AS20115), AT&T (AS7018)
DDoS
None — direct transit only
Est. Activation
~2016–2018 High
CF Opportunity: Magic Transit for DDoS scrubbing on 3 /24 blocks
Starfield / GoDaddy SSL/TLS Certificates
Category
Certificate Management
Cert Type
Extended Validation (EV): Clayton, Inc., Maryville TN
Issuer
Starfield Secure CA - G2 (GoDaddy subsidiary)
EV Value
EV green bar removed from all browsers since 2019 — paying premium for no UI benefit
CF Opportunity: Free Universal SSL, Advanced Certificate Manager, auto-renewal
cct-pubweb.com Clayton Web Platform
Category
Internal Web Platform
Subdomains
api, staging, careers, admin, images
Analytics
Segment + Google Tag Manager (2 containers)
Marketing
Salesforce MC (my.claytonhomes.com → sfmc-content.com)
Est. Activation
~2020–2022 Medium
CF Opportunity: Cloudflare works as edge proxy in front of the cct-pubweb platform
Email, Identity & Security
Proofpoint Email Security Gateway
MX
mxa/mxb-000e6302.gslb.pphosted.com (pri 10)
DMARC
p=reject (strongest)
SPF
Soft fail (~all) — should be -all
DKIM
SendGrid (s1/s2/cm) + custom (k1)
Est. Activation
~2018–2020 High
CF Opportunity: CF Email Security (CES) — complement or replace Proofpoint for BEC protection
Okta SSO / Identity Provider
Category
Identity & Access
Tenant
claytonhomes.okta.com (Active)
Verification
HTTP 302 → /app/UserHome + x-okta-request-id
Also Active
Microsoft 365 (MS=ms59724742) + Google Workspace (3× verified)
Zero Trust
No ZT architecture detected
Est. Activation
~2020 High
CF Opportunity: Cloudflare One (ZTNA + SASE) — Okta integration is straightforward
Cisco Network Security (FMC / Meraki)
Category
Firewall / SD-WAN
FMC
Firewall Management Center (TXT record)
Meraki
SD-WAN / networking
Intersight
Cloud infrastructure mgmt
VPN
Likely Cisco AnyConnect (inferred from FMC)
Confidence
High (TXT records)
CF Opportunity: Cloudflare WARP replaces VPN · Magic WAN replaces SD-WAN
Twilio SendGrid Transactional Email
Category
Transactional Email
Purpose
Order confirmations, home purchase updates, notifications
Also
Emma (e2ma) x3 — email marketing; Oracle Cloud — email delivery
Note
3 email delivery vendors (SendGrid, Emma, Oracle) — fragmented
Valimail DMARC Reporting & Auth
Category
Email Authentication
SPF
Valimail macro-based SPF (%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email)
DMARC RUA
dmarc_agg@vali.email
SPF Issue
~all (soft fail) — not enforcing hard rejection
Sister Gap
vanderbiltmortgage DMARC reports to onsecureserver.net, not Valimail
Security Headers — www.claytonhomes.com vs api.claytonhomes.com
HSTS HTTP Strict Transport Security
Risk
Vulnerable to SSL stripping / downgrade attacks
CF: One-click HSTS via Transform Rules
CSP Content Security Policy
api
frame-ancestors 'none'
Risk
No XSS/injection protection at browser level on main site
CF: Response header Transform Rules
X-Frame-Options Clickjacking Protection
Risk
Main site can be embedded in malicious iframes
CF: Auto-added with Cloudflare proxy
X-Content-Type-Options MIME Sniffing
Risk
Browser may interpret files as wrong content type
CF: Transform Rules, zero code change
Referrer-Policy Referrer Control
Risk
Full referrer URLs leaked to third-party scripts
CF: Transform Rules, zero code change
Permissions-Policy Feature Restrictions
Risk
No restrictions on camera, mic, geolocation access
CF: Transform Rules, zero code change
AI Platforms, SaaS & Third-Party Services
Anthropic Claude AI
Evidence
anthropic-domain-verification TXT record
Use Cases
Likely: AI assistants, home configuration, analysis tools
CF: AI Gateway for observability + rate limiting + caching
Atlassian Jira / Confluence
Evidence
2× atlassian-domain-verification TXT records
Purpose
Project mgmt, wiki, engineering collaboration
DocuSign E-Signature
Evidence
2× docusign TXT verification
Purpose
Home purchase contracts, mortgage docs, dealer agreements
Docker Container Platform
Evidence
docker-verification TXT record
Purpose
Docker Business/Enterprise — containerized apps
Smartsheet Project Management
Evidence
smartsheet-site-validation TXT record
Purpose
Project tracking, manufacturing coordination
Zoom / TeamViewer Remote Access
Evidence
ZOOM_verify + teamviewer-sso-verification TXT
Purpose
Video conferencing, remote support for plants/dealers
Subsidiaries & Sister Domains
vanderbiltmortgage.com Mortgage Subsidiary
Hosting
AWS Global Accelerator (3.33.251.168, 15.197.225.128)
WAF/CDN
NONE — zero edge protection
Email
DMARC reporting to onsecureserver.net, not Valimail
CF Opportunity: Unprotected mortgage subsidiary — sensitive financial data with no WAF/CDN
21stmortgage.com Isolated Subsidiary
DNS
Network Solutions (worldnic.com) — different from parent
Hosting
Self-hosted (143.59.192.103) — own IP
Email
FortiMail Cloud — NOT Proofpoint like parent
DMARC
p=quarantine (should be reject)
Security
HSTS + X-Frame-Options SAMEORIGIN
CF Opportunity: Most isolated sub — different DNS, email, hosting. Easy consolidation target.
clayton.com Corporate Brand Domain
DNS
DigiCert DNS — yet another DNS provider
Hosting
Google Cloud Platform (35.215.123.236)
Stack
Completely different from homes division (GCP vs AWS)
Note
Corporate rebrand site — separate IT ownership
CF Opportunity: Consolidate corporate domain under same CF account
claytonbuilthomes.com Primary Website CNAME Target
Role
www.claytonhomes.com CNAMEs here
CDN
CloudFront (inherited)
Note
Operational domain — not user-facing brand
claytonproperties.com No Email Security
Hosting
AWS Global Accelerator (15.197.148.33, 3.33.130.190)
Email
No MX, No DMARC, No SPF — phishing vector
Also
claytonconnectedhome.com → 11.9.0.1 (parked/abandoned)
CF Opportunity: Zero email protection — brand impersonation risk
Legacy Infrastructure & Shadow IT
admin.claytonhomes.com PRIVATE IP LEAKED
Finding
Resolves to 10.190.11.51 (RFC 1918 private address)
Risk
HIGH — reveals internal network topology
CNAME
admin.claytonhomes.com.cct-pubweb.com
Fix
Remove from public DNS or proxy via Cloudflare Access
smtp / pop Legacy Mail Servers
Finding
smtp: 216.77.95.10, pop: 216.77.95.9 (Clayton-owned IP space)
Risk
HIGH — POP3 is unencrypted; direct IP exposure
Note
Self-hosted mail alongside Proofpoint — never decommissioned
Fix
Migrate to modern mail or restrict access
staging.claytonhomes.com Staging Exposed
Finding
claytonhomes.prod-staging.cct-pubweb.com → publicly accessible
Risk
MEDIUM — pre-release content visible
Fix
Gate behind Cloudflare Access (Zero Trust)
Also
Wildcard *.claytonhomes.com → 11.9.0.1 masks real shadow services
Header / Origin Leaks Info Disclosure
AWS API GW
x-amzn-requestid, x-amz-apigw-id exposed
CloudFront
x-amz-cf-pop, x-amz-cf-id (data center IDs)
F5 BigIP
Server: BigIP (appliance type revealed)
AWS ELB
Full ALB hostname reveals us-east-1 region
Architecture Debt Double-Proxy
API Path
Client → Cloudflare → CloudFront → Origin (unnecessary double-hop)
www Path
Two CloudFront distributions in the Via header chain
Impact
Added latency (~30-50ms), double CDN cost
Fix
Remove CloudFront from API path; use Cloudflare exclusively
Competitive Landscape — Who Uses What
Cavco Industries #1 Competitor — ON CLOUDFLARE
CDN/WAF
Cloudflare · HSTS enabled
Also on CF
palmharbor.com, fleetwoodhomes.com (all Cavco subsidiaries)
Cloudflare?
FULL PORTFOLIO — best competitor reference
D.R. Horton $36B Revenue — ON CLOUDFLARE
Note
Largest US homebuilder by revenue
Lennar $34B Revenue — ON CLOUDFLARE
DNS
Cloudflare NS (full delegation)
Note
Deepest CF integration — NS fully on Cloudflare
PulteGroup $16B Revenue — ON CLOUDFLARE
DNS
Self-managed (ns1.pulte.com)
Note
Self-managed DNS + CF CDN/WAF
Champion / Skyline / Marlette Other Competitors
Champion
Network Solutions · unnamed CDN
Skyline
Network Solutions · unnamed CDN
Marlette
GoDaddy · no CDN detected
Top 5 Cloudflare Sales Entry Points
#1 — Expand from API CDN + WAF + Bot Mgmt
API is already on Cloudflare. Main site has zero security headers, no bot mgmt, no rate limiting. "Why isn't your main site getting the same protection as your API?"
#2 — Competitor Gap Cavco + DR Horton + Lennar on CF
Your #1 competitor (Cavco) and the 3 largest homebuilders are all on Cloudflare. Clayton is the outlier. "Are you comfortable with that gap?"
#3 — On-Prem DDoS Magic Transit + Spectrum
3 /24 blocks (AS395227) with no DDoS scrubbing. Direct transit via Charter + AT&T. F5 BigIP on apex unprotected. 768 IPs vulnerable.
#4 — Zero Trust / SASE Cloudflare One
Okta + Cisco FMC/Meraki but no ZTNA. Admin subdomain leaking private IPs. Staging exposed. WARP + Access replaces VPN + gates internal apps.
#5 — AI Gateway AI Gateway
Confirmed Anthropic (Claude AI) via TXT. AI Gateway: observability, caching, rate limiting for AI API calls. Also: Email Security to complement Proofpoint.