ambr.io

.io crawl

First seen 2026-04-22 · Last seen 2026-05-16 · ok HTTP/1.1 200 6596 ms crawled 2026-05-16

US · 104.18.27.197 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: Amber Premium
Language: en

Technology

CDN: Cloudflare
CMS: Next.js

Analytics

Cloudflare Insights
Google Tag Manager

Cookie consent

OneTrust

Third-party hosts loaded (3)

cdn-apac.onetrust.com×2
static.cloudflareinsights.com×1
www.googletagmanager.com×1

DNS records live

NS

vip7.alidns.com
vip8.alidns.com

MX

1 smtp.google.com

CNAME

ambr.io.cdn.cloudflare.net

TXT

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pMzryos9Q7/s3KKf4iSN2SfYdloy5uXPe5ipzn9BKTmsTzwp5+Ho/zp7+dlBV9e8OUHbbLyYcKm9+E3sAt8kFN0LUnFthp2NiauSd/ZcMCUhkK6BnvsMk8HtoxuDWooBi7bK0RWhf8ejabhJ7OWMl4d70bi533brPOap61s5WewezHanAT3VYYDBPj5JQZKlqevk4Pl5bAiXjeu8ESawQ2XVHQo2/WNJ9IIHd5FUevCBDALlatz6hV1Qs6uBtypl9+J5ied/PSbaCXzZFSQj0O/RnB8pxi2VcxN1SivMaEk7F/4UpBp4JyfclBwKq54ZwQB+kBEEdwGewww6wRVywIDAQAB

Verified for

Google

Email authentication strong

SPF

v=spf1 include:mail.zendesk.com include:_spf.google.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:dmarc-it@ambr.io

policy: quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pMzryos9Q7/s3KKf4iSN2SfYdloy5uXPe5ipzn9BKTmsTzwp5+Ho/zp7+dlBV9e8OUHbbLyYcKm9+…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5sCSp7W8el/EiQABxzQLF/iplm2Egv3q6pITxjypwpoEdlMF6qoXygyQKsV8R5isfjw8EFR6Ua4mDSlT0a…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurBASnEI+irbJT8TFAspMSIN98BXL8ugh4PiPIOGmoUe8UtwVfohAye9EeDhMnJZLotQg6oOGuXee2uEPe…

selectors probed

Certificate (current)

Encryption Everywhere DV TLS CA - G2

from 2026-02-26 to 2026-08-28

Expires in 99 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 55/100 Checked live page: https://www.ambr.io/

present

content-security-policy
x-frame-options
x-content-type-options

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak content type protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: sameorigin
x-content-type-options: sniff
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net googleads.g.doubleclick.net www.google.com static.zdassets.com static.cloudflareinsights.com static.portal101.cn *.ambr.io *.ambergroup.io *.geetest.com api.smooch.io cdn-apac.onetrust.com appleid.cdn-apple.com js.adsrvr.org unpkg.com websdk.appsflyer.com whalefin-user-prod.s3.ap-northeast-1.amazonaws.com www.googletagmanager.com www.google-analytics.com *.sparrowexchange.com *.whalefin.com *.geevisit.com *.gsensebot.com www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com dn-staticdown.gbox.me; img-src 'self' data: www.facebook.com www.google.com s3.ambergroup.io ambr-s3-uat.ambergroup.io cdn.redoc.ly amber-aceup-test.oss-cn-hongkong.aliyuncs.com amber-whalefin-public-noprod.s3-website-ap-northeast-1.amazonaws.com amberapollo.zendesk.com *.ambr.io ct8i3d5a1k.execute-api.ap-northeast-1.amazonaws.com cdn-apac.onetrust.com *.geetest.com whalefin-user-prod.s3.ap-northeast-1.amazonaws.com www.google.com.hk www.googletagm

Linked from (1)

ambergroup.io×2