alahlyegypt.com

HTML metadata

Title

الموقع الرسمي للنادي الأهلي المصري

Description

الموقع الرسمي للنادي الأهلي المصري - كل الأخبار والبطولات والفعاليات

Canonical

https://www.alahlyegypt.com/ar

Translations

ar
en
fr

Open Graph

url: https://www.alahlyegypt.com/ar
title: الموقع الرسمي للنادي الأهلي المصري
locale: ar
site name: الموقع الرسمي للنادي الأهلي المصري
description: الموقع الرسمي للنادي الأهلي المصري - كل الأخبار والبطولات والفعاليات

Technology

Server: nginx
CMS: Next.js

Analytics

Google Analytics
Google Tag Manager

Ads

Meta Pixel

Social widgets

Twitter Widget

Third-party hosts loaded (6)

alahly-images.s3.us-east-2.amazonaws.com×1
connect.facebook.net×1
platform.twitter.com×1
www.google-analytics.com×1
www.googletagmanager.com×1
www.instagram.com×1

Registration

Registrar

GoDaddy.com, LLC

Created

2014-05-26

Expires

2028-05-26 736 days left

Updated

2025-05-07

Name servers

grant.ns.cloudflare.com
ines.ns.cloudflare.com

DNS records live

NS

grant.ns.cloudflare.com
ines.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsK+MMf5RnUsoJNU34viwkl+k5mrWnhsQgDbxcIPRifNGh7nH77JZxl339OhrRUc8k489QN0pnuCXar8HefRFnpgH7lDMe2e/d1cqNyWEqFh7dG70ybeL6RNf7b/ujljtSiInlp7/VQ0lNl6frzGzDJUHHX9huwFbz6WAGWSn91haD20I0ezazqhhUpwIDLp2bXKLo+hPmq6mmM48W6HODtsXS+oCdv/tAO1jtl8TYZfcCdSg5Ek0gFNSqDTzO6GtNWuhW9Kz8Bb+ZLCJ53mky9uVIhEax1iF9YybUWOA7J7EMlQAGmutFfFrSUOzcJkG1lOTErKqzwzcEIDx+dMzowIDAQAB

Verified for

Google

Email authentication weak

SPF: v=spf1 include:_spf.google.com ~all
softfail (~all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

R13

from 2026-04-12 to 2026-07-11

Expires in 52 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://alahlyegypt.com/ar

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: ALLOWALL
permissions-policy: camera=(), microphone=(), geolocation=(), autoplay=(self "https://www.youtube.com" "https://www.facebook.com")
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://www.facebook.com https://web.facebook.com https://www.youtube.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://analytics.google.com https://tagmanager.google.com https://platform.twitter.com https://platform.x.com https://www.instagram.com https://static.cdninstagram.com https://fabmisr.gateway.mastercard.com https://test-gateway.mastercard.com https://*.gateway.mastercard.com; style-src 'self' 'unsafe-inline' https://static.xx.fbcdn.net https://fonts.googleapis.com https://www.facebook.com https://*.fbcdn.net https://platform.twitter.com https://platform.x.com https://www.instagram.com https://static.cdninstagram.com https://tagmanager.google.com; img-src 'self' blob: data: https: https://*.fbcdn.net https://*.facebook.com https://i.ytimg.com https://scontent.fcai20-2.fna.fbcdn.net https://bk.alah
strict-transport-security: max-age=31536000; includeSubDomains; preload

Links to (7)

Linked from (1)

drumfilling.com×1