breadcrum.net

.net crawl

First seen 2026-04-13 · Last seen 2026-05-03 · ok HTTP/1.1 200 1060 ms crawled 2026-05-07

US · 66.241.124.113 · AS40509 Fly.io, Inc.

Reputation 100/100

Classifying

HTML metadata

Title

Breadcrum

Description

Breadcrum internet newspaper clippings and bookmarks. Podcast anything.

Language

Feeds

Breadcrum Blog (JSON Feed) JSON Feed
Breadcrum Blog (RSS Feed) RSS

Open Graph

url: https://breadcrum.net//
title: Breadcrum
site name: Breadcrum
description: Personal private bookmarking with video, audio, and text archiving and podcasting tools.

Technology

Server: Fly
CMS: Gatsby

Social

Registration

Registrar

Cloudflare, Inc.

Created

2021-12-29

Expires

2026-12-29 224 days left

Updated

2025-06-14

Name servers

maeve.ns.cloudflare.com
remy.ns.cloudflare.com

DNS records live

NS

maeve.ns.cloudflare.com
remy.ns.cloudflare.com

MX

10 in1-smtp.messagingengine.com
20 in2-smtp.messagingengine.com

TXT

google-site-verification=M626MXiYsYCjuETluDEU9nzE8bnCM370090Vgau_IKI

Email authentication strong

SPF: v=spf1 include:spf.messagingengine.com -all
strict (-all)
DMARC: v=DMARC1; p=reject; sp=reject; pct=100; aspf=r; adkim=s; rua=mailto:77247e05fc684bd299c0537fb41942ca@dmarc-reports.cloudflare.net;
policy: reject (enforced) · sp=reject
DKIM: no key found at common selectors

Certificate (current)

from 2026-03-11 to 2026-06-09

Expires in 21 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://breadcrum.net/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;media-src *;img-src * data:;connect-src 'self' https://analytics.ahrefs.com;frame-src https://giscus.app https://platform.twitter.com https://fosstodon.org https://embed.bsky.app https://challenges.cloudflare.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://open.spotify.com https://geo.dailymotion.com https://rumble.com;script-src 'self' https://platform.twitter.com https://fosstodon.org/embed.js https://embed.bsky.app/static/embed.js https://analytics.ahrefs.com https://challenges.cloudflare.com;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: credentialless
cross-origin-resource-policy: same-origin

Links to (5)

Linked from (1)

bret.io×2