awesimo.io
HTML metadata
Technology
- CMS
- Next.js
Third-party hosts loaded (1)
- d13vryt5rwj6cx.cloudfront.net×1
Social
DNS records live
- NS
-
- ns-1344.awsdns-40.org
- ns-1868.awsdns-41.co.uk
- ns-328.awsdns-41.com
- ns-749.awsdns-29.net
- MX
-
- 1 aspmx.l.google.com
- 10 alt3.aspmx.l.google.com
- 10 alt4.aspmx.l.google.com
- 5 alt1.aspmx.l.google.com
- 5 alt2.aspmx.l.google.com
- Verified for
-
- 1Password
Email authentication weak
- SPF
- not published
- DMARC
-
v=DMARC1; p=nonepolicy: none (monitoring only) - DKIM
- no key found at common selectors
Certificate (current)
Amazon RSA 2048 M01
Expires in 270 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
origin-when-cross-origin- x-frame-options
DENY- permissions-policy
camera=(), battery=(self), geolocation=(), microphone=()- x-content-type-options
nosniff- content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' assets.awesimo.io *.stripe.com *.sentry.io *.youtube.com *.twitter.com *.googletagmanager.com; child-src 'self' *.stripe.com *.youtube.com *.google.com *.twitter.com; frame-src *.stripe.com verify.walletconnect.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src * blob: data:; media-src 'self' assets.awesimo.io; connect-src * blob: data:; font-src 'self' assets.awesimo.io- strict-transport-security
max-age=31536000; includeSubDomains; preload