indexo.dev

bollnasflames.se

.se crawl

First seen 2026-06-01 · Last seen 2026-06-01 · ok HTTP/1.1 200 1572 ms crawled 2026-06-01

SE · 93.188.2.55 · AS39570 Loopia AB

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Bollnäs Flames
Language
sv-SE
Generator
WordPress 7.0
Canonical
https://bollnasflames.se/
Feeds

Technology

Server
nginx
CMS
WordPress 7.0
PHP
8.3.30 security-only
jQuery
3.7.1
Fonts
  • Google Fonts

Third-party hosts loaded (3)

  • fonts.googleapis.com×3
  • fonts.gstatic.com×1
  • gmpg.org×1

DNS records live

NS
  • ns1.loopia.se
  • ns2.loopia.se
MX
  • 10 mailcluster.loopia.se
  • 20 mail2.loopia.se

Email authentication weak

SPF
v=spf1 include:spf.loopia.se -all
strict (-all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

R12
from 2026-04-03 to 2026-07-02
Expires in 30 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 50/100 Checked live page: https://bollnasflames.se/

present
  • content-security-policy
  • permissions-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
Header values
permissions-policy
private-state-token-redemption=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com"), private-state-token-issuance=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com")
content-security-policy
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: blob: ; object-src 'self' data: blob: ; frame-src 'self' data: blob: ;

Links to (1)

Linked from (1)