bowlsenglandcomps.com
bowlsenglandcomps.com
HTML metadata
Technology
- CDN
- Cloudflare
- CMS
- WordPress
- jQuery
- 3.1.1 known XSS (<3.5)
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (3)
- js.stripe.com×1
- unpkg.com×1
- www.googletagmanager.com×1
Social
Registration
- Registrar
- eNom, LLC
- Created
- 2019-10-04
- Expires
- 2027-10-04 488 days left
- Updated
- 2023-10-04
- Name servers
-
- lisa.ns.cloudflare.com
- west.ns.cloudflare.com
DNS records live
- NS
-
- lisa.ns.cloudflare.com
- west.ns.cloudflare.com
- MX
-
- 0 _dc-mx.f7ede7ab0b0a.bowlsenglandcomps.com
Email authentication partial
- SPF
-
v=spf1 include:sendgrid.net -allstrict (-all) - DMARC
-
v=DMARC1; p=none;policy: none (monitoring only) - DKIM
-
- s1:
k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPI3SsX0DURGTmIks41stPd68WomEz3GW2R/aH7OiOJvA3M/Ar7NmzEZTYsluFrmqS2psYjfQO4e/DTIFs… - s2:
k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoejTfE2DaTf3FqinAzckydxnO3DFoLhb433Y6LwT4aNCk4DkAnHk63TiABbWd49WChjCjnXwSrK8pdAqRLEnjuN…
selectors probed - s1:
Certificate (current)
WE1
Expires in 68 days
HTTP security headers
- present
-
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- missing HSTS
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
Deny- x-content-type-options
nosniff- content-security-policy
base-uri 'self'; frame-ancestors https://*.test https://*.b4b.dev https://*.ec4.dev; default-src https: ws: wss: gap: data: 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob:; object-src https://*.cloudflareinsights.com https://*.cloudflare.com https://*.googlevideo.com https://*.ytimg.com https://*.youtube.com https://*.youtube-nocookie.com https://*.google.com; media-src https://*.cloudflareinsights.com https://*.cloudflare.com https://*.youtube.com https://*.youtube-nocookie.com https://*.google.com;