badgr.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-14 · ok HTTP/1.1 200 577 ms crawled 2026-05-08

US · 52.26.116.64 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: Parchment Digital Badges
Description: A global platform for issuing skills-aligned digital badges and creating stackable learning pathways that support recognition across learning ecosystems.
Language: en

Registration

Registrar

Gandi SAS

Created

2008-06-25

Expires

2026-06-25 37 days left

Updated

2025-05-25

Name servers

ns-1470.awsdns-55.org
ns-1803.awsdns-33.co.uk
ns-76.awsdns-09.com
ns-810.awsdns-37.net

DNS records live

NS

ns-1470.awsdns-55.org
ns-1803.awsdns-33.co.uk
ns-76.awsdns-09.com
ns-810.awsdns-37.net

MX

1 aspmx.l.google.com
10 aspmx2.googlemail.com
10 aspmx3.googlemail.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

status-page-domain-verification=wcm584hgg814

Email authentication strong

SPF

v=spf1 include:amazonses.com include:stspg-customer.com ~all

softfail (~all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:fc92c7c69de4119@rep.dmarcanalyzer.com; ruf=mailto:fc92c7c69de4119@for.dmarcanalyzer.com; fo=1; aspf=s;

policy: quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpcJ0kDarLsg6faKrzZlbSfYkXzNlIObwb5lp2E//XcYe0NwCIBgT3ED8K3t3oUxziJvl4Pht6en3b…

selectors probed

Certificate (current)

Amazon RSA 2048 M04

from 2025-10-11 to 2026-11-09

Expires in 174 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://badgr.com/

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https:; default-src 'self' https://static.badgr.io; media-src *; object-src 'none'; style-src www.gstatic.com *.googleapis.com *.pendo.io 'unsafe-inline' *.eesysoft.com 'self' ; script-src www.gstatic.com *.pendo.io translate.google.com *.googleapis.com *.eesysoft.com 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'self' 'nonce-4fmjhp4RKf1noyPkPNh97xeDnNRBw7n1' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'unsafe-hashes'; font-src *.eesysoft.com *.pendo.io 'self'; img-src * data: blob:; connect-src * data:; frame-src 'self' *; worker-src 'self' blob: *.pendo.io; report-uri /api/csp-report;
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
content-security-policy-report-only: frame-ancestors 'self' https:; default-src 'self' https://static.badgr.io; media-src 'self'; object-src 'none'; style-src www.gstatic.com *.googleapis.com *.pendo.io 'unsafe-inline' *.eesysoft.com 'self' ; script-src www.gstatic.com *.pendo.io translate.google.com *.googleapis.com *.eesysoft.com 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'self' 'nonce-4fmjhp4RKf1noyPkPNh97xeDnNRBw7n1' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'unsafe-hashes'; font-src *.eesysoft.com *.pendo.io 'self'; img-src * data: blob:; connect-src 'self' https://badges.parchment.com https://www.gravatar.com *.pendo.io *.eesysoft.com *.instructure.com *.googleapis.com translate.google.com data:; frame-src 'self'; worker-src 'self' blob: *.pendo.io; base-uri 'self'; report-uri /api/csp-report;