blbbigmama.eu
blbbigmama.eu
HTML metadata
Technology
- Server
- Apache
- CMS
- Gatsby
DNS records live
- NS
-
- ns65.domaincontrol.com
- ns66.domaincontrol.com
- MX
-
- 0 smtp.secureserver.net
- 10 mailstore1.secureserver.net
- TXT
-
D6486333
Email authentication weak
- SPF
-
v=spf1 include:secureserver.net -allstrict (-all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
E8
Expires in 58 days
HTTP security headers
- present
-
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- missing HSTS
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- weak frame protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN, SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.zendesk.com *.zdassets.com *.edrone.me *.zopim.com *.meetanshi.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.payp