indexo.dev

baldlooks.com

.com crawl

First seen 2026-04-13 · Last seen 2026-05-03 · ok HTTP/1.1 200 2384 ms crawled 2026-05-07

US · 104.21.43.167 · AS13335 Cloudflare, Inc.

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
BaldLooks | See yourself shaved, no shaving required
Description
Upload a few photos and preview AI renders of yourself with a clean shaved head before you commit to the razor.
Language
en
Canonical
https://baldlooks.com

Open Graph

url
https://baldlooks.com
title
BaldLooks | See yourself shaved, no shaving required
site name
BaldLooks
description
Upload a few photos and preview AI renders of yourself with a clean shaved head before you commit to the razor.

Technology

CDN
Cloudflare
CMS
Next.js

Third-party hosts loaded (1)

  • www.facebook.com×1

Social

Registration

Registrar
Cloudflare, Inc.
Created
2026-03-26
Expires
2027-03-26 309 days left
Updated
2026-03-26
Name servers
  • lex.ns.cloudflare.com
  • nola.ns.cloudflare.com

DNS records live

NS
  • lex.ns.cloudflare.com
  • nola.ns.cloudflare.com
MX
  • 15 route1.mx.cloudflare.net
  • 67 route2.mx.cloudflare.net
  • 82 route3.mx.cloudflare.net
Verified for
  • Ahrefs
  • Brevo
  • Google
  • Meta

Email authentication strong

SPF
v=spf1 include:_spf.mx.cloudflare.net -all
strict (-all)
DMARC
v=DMARC1; p=reject; rua=mailto:a13f0ab0f0594c6f8ef68708bd6fa7dd@dmarc-reports.cloudflare.net,mailto:rua@dmarc.brevo.com
policy: reject (enforced)
DKIM
no key found at common selectors

Certificate (current)

E7
from 2026-03-26 to 2026-06-24
Expires in 35 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://baldlooks.com/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' https://api.baldlooks.com https://connect.facebook.net https://www.facebook.com https://www.redditstatic.com https://polar.sh https://sandbox.polar.sh https://buy.polar.sh https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https: https://api.baldlooks.com; font-src 'self' data: https://www.redditstatic.com; connect-src 'self' https://api.baldlooks.com https://connect.facebook.net https://graph.facebook.com https://www.facebook.com https://www.redditstatic.com https://alb.reddit.com https://pixel-config.reddit.com https://ads.reddit.com https://polar.sh https://sandbox.polar.sh https://buy.polar.sh https://challenges.cloudflare.com; frame-src 'self' https://polar.sh https://sandbox.polar.sh https://buy.polar.sh https://challenges.cloudflare.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; worker-src 'self' blob:; upgrade-insecure-requests

Links to (4)

Linked from (1)