authelia.com

.com crawl

First seen 2026-04-20 · Last seen 2026-05-14 · ok HTTP/1.1 200 1050 ms crawled 2026-05-14

US · 99.83.231.61 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title

Authelia | Free Open-Source Software Modern IAM Solution

Description

Authelia is a free and open-source IAM platform and OpenID Certified™ OpenID Connect 1.0 provider; providing modern, flexible authentication and authorization.

Language

en-US

Canonical

https://www.authelia.com/

Feeds

Authelia RSS

Open Graph

url: https://www.authelia.com/
title: Authelia
site name: Authelia
description: Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. Authelia is an OpenID Connect 1.0 Provider which is OpenID Certified™ allowing comprehensive integrations, and acts as a companion for common reverse proxies.

Technology

CDN: Netlify

Social

Registration

Registrar

Scaleway SAS

Created

2017-01-28

Expires

2027-01-28 254 days left

Updated

2026-05-07

Name servers

bryce.ns.cloudflare.com
mona.ns.cloudflare.com

DNS records live

NS

bryce.ns.cloudflare.com
mona.ns.cloudflare.com

MX

10 mail.authelia.com
20 mail.zantek.com.au

TXT

google-site-verification=96HPtELvbsfi-Kqgk0T9_EKWTQpuQ2T28TdH3cBFAzw

Email authentication strong

SPF

v=spf1 a:mail.nerv.com.au include:_spf.google.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; pct=100; fo=1; rua=mailto:re+amc0dmabpol@dmarc.postmarkapp.com;

policy: reject (enforced)

DKIM

dkim: v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3XX9CvGMjkNh0qtShRIkhnsblHvj0yi9Yo0mh3/xTr07llFW9YZB6/95c/4CW53fdEq5…

selectors probed

Certificate (current)

from 2026-04-15 to 2026-07-14

Expires in 56 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.authelia.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(self), microphone=(), camera=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; manifest-src 'self'; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.algolia.io; font-src 'self'; img-src 'self' https://avatars.githubusercontent.com https://github.com data:; script-src 'self' 'nonce-dXNlcj0iaGVsbG8iLGRvbWFpbj0iaGVua3ZlcmxpbmRlLmNvbSIsZG9jdW1lbnQud3JpdGUodXNlcisiQCIrZG9tYWluKTs=' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk=' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'; base-uri 'self'
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy: same-origin

Links to (8)

Linked from (1)

ezrizhu.com×2