Security Standards
Maintaining the security of the Robocat ecosystem is a shared responsibility. This guide provides technical partners with the necessary information to verify official digital environments and protect against non-standard mirrors.
Identifying Official Environments
Official Robocat environments can be identified through a combination of domain verification, SSL certificate inspection, and asset source validation.
Domain Validation
Always check the browser address bar. Official sites will only reside on robocat.com or robocat-support.online.
Certificate Check
Verify that the SSL certificate is issued to Robocat Technical Infrastructure by a recognized authority.
Asset Integrity
All technical assets should be served from static.robocat.com with valid Subresource Integrity (SRI) hashes.
Verification Checklist
Use the following technical checklist when auditing a Robocat-integrated environment:
| Verification Step | Requirement | Status |
|---|---|---|
| DNS Resolution | Must resolve to authorized IP ranges. | Mandatory |
| SSL Protocol | Minimum TLS 1.2 with strong ciphers. | Mandatory |
| Header Security | HSTS and Content-Security-Policy present. | Recommended |
| Asset Source | Loaded via https://static.robocat.com/. |
Mandatory |
Distinguishing Non-Standard Mirrors
Non-standard mirrors often lack the full infrastructure specifications required for secure operation. Key indicators of a non-standard environment include:
- Use of Domain Validated (DV) certificates instead of OV/EV.
- Inconsistent branding assets or outdated logos.
- Missing technical documentation links to this portal.
- Slow response times from unauthorized edge nodes.
Security Alert: If you encounter a digital environment that claims to be an official Robocat resource but fails any of the verification steps above, please report it immediately via the Support Form.