baj-npo.org
baj-npo.org
HTML metadata
Technology
- Server
- nginx
- jQuery
- 3.6.1
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
Third-party hosts loaded (4)
- www.googletagmanager.com×3
- fonts.googleapis.com×2
- fonts.gstatic.com×1
- www.google.com×1
Social
Contact
- Phone
Registration
- Registrar
- eNom, LLC
- Created
- 2005-02-25
- Expires
- 2027-02-25 280 days left
- Updated
- 2026-01-31
- Name servers
-
- dns1.name-services.com
- dns2.name-services.com
- dns3.name-services.com
- dns4.name-services.com
- dns5.name-services.com
DNS records live
- NS
-
- dns1.name-services.com
- dns2.name-services.com
- dns3.name-services.com
- dns4.name-services.com
- dns5.name-services.com
- MX
-
- 10 baj-npo.org
Email authentication weak
- SPF
-
v=spf1 +a:sv16003.xserver.jp +a:baj-npo.org +mx include:spf.sender.xserver.jp include:_spf.credit.j-payment.co.jp include:_spf.salesforce.com ~allsoftfail (~all) - DMARC
- not published
- DKIM
-
- default:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yCQaMwlbEXRO/LoRlrX0KAlEnaY86+OtZ9Sq/jRdfBPfDH2uZHiElQMYoS606O0dJIx0EkvMf9TCm…
selectors probed - default:
Certificate (current)
R12
Expires in 47 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com *.line-scdn.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com connect.facebook.net cdn.jsdelivr.net cdnjs.cloudflare.com *.fontawesome.com jpostal-1006.appspot.com *.gstatic.com;frame-src 'self' *.youtube.com *.youtube-nocookie.com *.google.com *.twitter.com *.line.me *.facebook.com *.doubleclick.net;media-src 'self' *.youtube.com *.youtube-nocookie.com;object-src 'self' *.youtube.com *.youtube-nocookie.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.fontawesome.com cdn.jsdelivr.net cdnjs.cloudflare.com;img-src 'self' data: blob: *.twitter.com *.google-analytics.com *.google.com placehold.jp *.google.co.jp *.gstatic.com;font-src 'self' data: fonts.gstatic.com *.fontawesome.com;connect-src 'self' api.iconify.design *.google-analytics.com *.googleanalytics.com *.google.com stats.g.doubleclick.net *.googleapis.com- strict-transport-security
max-age=31536000; includeSubDomains