indexo.dev

bad-dragon.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 451 ms crawled 2026-05-18

US · 104.20.12.101 · AS13335 Cloudflare, Inc.

Reputation 100/100

sector adult type homepage

HTML metadata

Title
Bad Dragon
Description
What's your fantasy? Bad Dragon sells a variety of sex toys, dildos, masturbators, and adult accessories based on fantastic creatures!
Language
en

Open Graph

title
Bad Dragon
description
What's your fantasy? Bad Dragon sells a variety of sex toys, dildos, masturbators, and adult accessories based on fantastic creatures!

Technology

CDN
Cloudflare
Analytics
  • Google Tag Manager

Third-party hosts loaded (6)

  • cdn.hub-box.com×2
  • www.googletagmanager.com×2
  • analytics.ahrefs.com×1
  • challenges.cloudflare.com×1
  • secure.durango-direct.com×1
  • www.paypal.com×1

Registration

Registrar
NameCheap, Inc.
Created
2007-12-13
Expires
2026-12-13 207 days left
Updated
2025-12-13
Name servers
  • dora.ns.cloudflare.com
  • jim.ns.cloudflare.com

DNS records live

NS
  • dora.ns.cloudflare.com
  • jim.ns.cloudflare.com
MX
  • 1 aspmx.l.google.com
  • 10 aspmx2.googlemail.com
  • 10 aspmx3.googlemail.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
  • apple-domain-verification=pRyvfQYAqHhkTYfO
  • google-site-verification=-Qlh6faAWoiVRcoRNFfNgWMj0mENYKYbTTS0s4_ZEJc
  • google-site-verification=_FGpSdBQb3L1gnhT1B186QRhV_yWPCbfK_yZJr8MxpY

Email authentication strong

SPF
v=spf1 include:_spf.google.com include:mail.zendesk.com include:mailgun.org ip4:216.24.224.0/20 ~all
softfail (~all)
DMARC
v=DMARC1; p=quarantine; sp=quarantine; fo=1; ri=86400; rua=mailto:dmarc@bad-dragon.com
policy: quarantine · sp=quarantine
DKIM
  • google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCL3jB+DmAd3uBPgNRUMNprIviW+K13w0BXrrHE1u7SkC/Yxl2Whch6MoOtI1sazyoccufhu1vJHCl2cXcv5+…
selectors probed

Certificate (current)

WE1
from 2026-04-08 to 2026-07-07
Expires in 49 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://bad-dragon.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • weak frame protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
DENY, SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
base-uri 'self';child-src https://*.kaptcha.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.cloudfront.net https://*.doubleclick.net https://*.google-analytics.com https://*.hub-box.com https://*.kaptcha.com https://*.posthog.com http://*.bad-dragon.com https://acsbapp.com https://analytics.google.com https://secure.durango-direct.com https://*.braintreegateway.com https://*.braintree-api.com https://www.bdjf2ls.com https://*.paypal.com https://browser-intake-us5-datadoghq.com https://*.cloudflare.com https://*.ahrefs.com blob: data:;default-src 'self';font-src 'self' https://acsbapp.com https://fonts.gstatic.com data:;frame-src 'self' https://*.doubleclick.net https://*.hub-box.com https://*.kaptcha.com https://secure.durango-direct.com https://*.braintreegateway.com https://www.google.com https://*.paypal.com https://player.vimeo.com https://*.cloudflare.com;img-src 'self' https://bad-dragon-production.s3.us-west-2.amazonaws.com/ https://bad-drago
strict-transport-security
max-age=15552000

Linked from (14)