cedarreview.com

.com crawl

First seen 2026-04-22 · Last seen 2026-05-12 · ok HTTP/1.1 200 3135 ms crawled 2026-05-16

US · 172.67.215.213 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: The Cedar Review
Language: en

Technology

CDN: Cloudflare

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

Registration

Registrar

Cloudflare, Inc.

Created

2025-10-04

Expires

2027-10-04 501 days left

Updated

2025-10-04

Name servers

clay.ns.cloudflare.com
lisa.ns.cloudflare.com

DNS records live

NS

clay.ns.cloudflare.com
lisa.ns.cloudflare.com

MX

1 smtp.google.com

Verified for

Google

Email authentication weak

SPF

not published

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkncxyv+61Othn1m9BWnqlE/sgX9Bgh0OHog15u+bbWnCmXYXPgaBOMDnIZITkpJ4ohzuAAnsQQO1No…

selectors probed

Certificate (current)

WE1

from 2026-03-30 to 2026-06-28

Expires in 38 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://cedarreview.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(self), camera=(self), fullscreen=(self "https://player.vimeo.com"), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), payment=(self), sync-xhr=(self), usb=(self)
x-content-type-options: nosniff
content-security-policy: base-uri 'none'; block-all-mixed-content; connect-src 'self' the-cedar-review.s3.eu-west-2.amazonaws.com accounts.google.com maps.googleapis.com *.constantcontact.com *.ctctcdn.com *.google-analytics.com *.vimeo.com; default-src blob:; font-src 'self' data: fonts.gstatic.com; form-action 'self'; frame-ancestors none; frame-src 'self' *.google.com player.vimeo.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.vimeocdn.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' blob: 'nonce-S2VuTWNDYWxsdW1DU1BOb25jZQ==' *.cloudflare.com *.ctctcdn.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.stripe.com player.vimeo.com *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.ctctcdn.com accounts.google.com fonts.googleapis.com; upgrade-insecure-requests
strict-transport-security: max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups

Links to (5)

Linked from (1)

smallbusinessbritain.uk×2