clinked.app
HTML metadata
Technology
- CDN
- Amazon CloudFront
DNS records live
- NS
-
- ns-1242.awsdns-27.org
- ns-1814.awsdns-34.co.uk
- ns-453.awsdns-56.com
- ns-672.awsdns-20.net
- TXT
-
google-site-verification=YznOLvZYXo9966gPxapFJpt8UBybv8VdDB8220mA_gs
Email authentication no MX
- SPF
- not published
- DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
Amazon RSA 2048 M01
Expires in 263 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
same-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self'; connect-src 'self' tracking-api.g2.com *.reddit.com *.clarity.ms *.google-analytics.com *.googlesyndication.com *.google.com *.linkedin.com ip2c.org bat.bing.net bat.bing.com api.hubapi.com static.hsappstatic.net js.hs-banner.com api.recurly.com stats.g.doubleclick.net; form-action 'self' zapier.com com.rabbitsoft.clinked:; font-src 'self' a.clinked.com fonts.google.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' ; style-src-elem 'self' 'unsafe-inline' a.clinked.com fonts.googleapis.com js.recurly.com; img-src 'self' a.clinked.com https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms www.clarity.ms tracking.g2crowd.com www.redditstatistic.com www.redditstatic.com www.googleadservices.com www.google.com www.googletagmanager.com googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net apis.google.com *.google-analytics.com bat.bing.com snap.licdn.com js.recurly.com js.stripe.com ipapi.co js.hs-scripts.com js.hsleadfl- strict-transport-security
max-age=31536000 ; includeSubDomains