anton.app

.app crawl

First seen 2026-04-14 · Last seen 2026-05-17 · ok HTTP/1.1 200 973 ms crawled 2026-05-07

DE · 128.65.209.25 · AS34309 Link11 GmbH

Reputation 100/100

Classifying

HTML metadata

Title: ANTON - the free learning app for school
Description: ANTON - the free learning app for school
Language: en

Open Graph

title: ANTON - the free learning app for school

Technology

Server: nginx

DNS records live

NS

helium.ns.hetzner.de
hydrogen.ns.hetzner.com
oxygen.ns.hetzner.com

MX

1 aspmx.l.google.com
10 aspmx2.googlemail.com
10 aspmx3.googlemail.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

google-site-verification=1mGdXOQlczMP6d9d36MBuXJdGekaYR3CYEdihld-Bm4
pinterest-site-verification=0c29f717afa26d20452f57dfd28ac3be

Email authentication strong

SPF

v=spf1 include:_spf.google.com include:spf6156.smtpeter.com -all

strict (-all)

DMARC

v=DMARC1;p=quarantine;pct=10;rua=mailto:dmarc@smtpeter.com

policy: quarantine · pct=10

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9+Xh7WUe3qXyBHQS3xQwbFYqRtNvdDN0JZCdH52VEmfnlpUJnbsZBzYQEpeky1uZcvV3udoWWq1S8…

selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36

from 2026-01-20 to 2027-02-11

Expires in 267 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://anton.app/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: ALLOW-FROM https://anton.app https://solocode.com
x-content-type-options: nosniff
content-security-policy: default-src blob:; frame-src *.paypal.com blob:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.solocode.com *.anton.app projects-csqzcpu79ce2yva.netdna-ssl.com *.paypal.com wss: blob:; media-src data: * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com blob:; frame-ancestors 'self' *.solocode.com ; style-src 'unsafe-inline'; img-src 'self' *.solocode.com *.anton.app *.facebook.com data: blob:; font-src data:; base-uri 'self'; form-action 'self'
strict-transport-security: max-age=31536000; includeSubDomains; preload