boltbunny.app

.app crawl

First seen 2026-04-27 · Last seen 2026-05-17 · ok HTTP/1.1 200 3198 ms crawled 2026-05-05

US · 3.174.113.56 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: Free WiFi Speed Test - No Ads | AIM Score | Bolt Bunny
Description: Test your WiFi speed in seconds with Bolt Bunny. Get your AIM Score — download, upload, ping & jitter combined into one number. No ads, no tracking, no signup.
Language: en
Canonical: https://boltbunny.app/

Open Graph

url: https://boltbunny.app/
title: Free WiFi Speed Test - No Ads | Bolt Bunny
description: Test your WiFi speed and get your AIM Score — download, upload, ping & jitter in one number. No ads, no tracking. Free forever.

Technology

CDN: Amazon CloudFront
Server: AmazonS3

Fonts

Google Fonts

Third-party hosts loaded (3)

fonts.googleapis.com×2
accounts.google.com×1
fonts.gstatic.com×1

DNS records live

NS

ns-1137.awsdns-14.org
ns-1837.awsdns-37.co.uk
ns-329.awsdns-41.com
ns-924.awsdns-51.net

MX

10 inbound-smtp.us-east-1.amazonaws.com

Certificate (current)

Amazon RSA 2048 M04

from 2026-01-20 to 2027-02-19

Expires in 276 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://boltbunny.app/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: camera=(), microphone=(), geolocation=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' blob: https://snapitanalytics.com https://accounts.google.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://unpkg.com https://cdn.tailwindcss.com https://api.web3forms.com https://www.googletagmanager.com https://sphinxagent.ai; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://unpkg.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; img-src 'self' data: blob: https:; connect-src 'self' https: wss:; frame-src 'self' https://accounts.google.com https://js.stripe.com https://*.google.com; object-src 'none'; base-uri 'self'
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy: unsafe-none

Links to (12)

Linked from (10)