chiply.dev
chiply.dev
HTML metadata
Technology
- CDN
- Vercel
Third-party hosts loaded (2)
- cdn.jsdelivr.net×3
- cdnjs.cloudflare.com×3
DNS records live
- NS
-
- ns1.vercel-dns.com
- ns2.vercel-dns.com
- Verified for
-
Email authentication no MX
- SPF
- not published
- DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R13
Expires in 71 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- permissions-policy
geolocation=(), microphone=(), camera=(), payment=()- x-content-type-options
nosniff- content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.clarity.ms https://scripts.clarity.ms https://va.vercel-scripts.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' data: blob: https:; font-src 'self' data: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; connect-src 'self' https://api.buttondown.com https://api.github.com https://*.algolia.net https://*.algolianet.com https://www.clarity.ms https://va.vercel-scripts.com https://*.ingest.us.sentry.io https://cdn.plot.ly https://data.cdc.gov; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://cn-diagrams.vercel.app https://schema-diagrams.vercel.app; object-src 'none'; base-uri 'self'; form-action 'self' https://api.buttondown.com; upgrade-insecure-requests- strict-transport-security
max-age=31536000; includeSubDomains