indexo.dev

clusterfree.org

.org crawl

First seen 2026-04-20 · Last seen 2026-05-10 · ok HTTP/1.1 200 228 ms crawled 2026-05-13

US · 216.150.1.1 · AS16509 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
ClusterFree — Access to Effective Cluster Headache Treatments
Description
Cluster headache is the most painful condition known to medicine. ClusterFree advocates for legal access to effective treatments that can end the pain.
Language
en
Canonical
https://clusterfree.org/

Open Graph

url
https://clusterfree.org/
title
ClusterFree — Access to Effective Cluster Headache Treatments
description
Cluster headache is the most painful condition known to medicine. ClusterFree advocates for legal access to effective treatments that can end the pain.

Technology

CDN
Vercel
CMS
Next.js
Social widgets
  • YouTube Embed

Third-party hosts loaded (1)

  • www.youtube.com×2

Social

Registration

Registrar
NameCheap, Inc.
Created
2025-04-11
Expires
2030-04-11 1421 days left
Updated
2025-06-12
Name servers
  • dns1.registrar-servers.com
  • dns2.registrar-servers.com

DNS records live

NS
  • dns1.registrar-servers.com
  • dns2.registrar-servers.com
MX
  • 1 smtp.google.com
Verified for
  • Google

Email authentication partial

SPF
v=spf1 include:_spf.google.com include:sendgrid.net ~all
softfail (~all)
DMARC
v=DMARC1; p=none
policy: none (monitoring only)
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkSxsyFzjL8ZRZyDKgei3V71+FGs5dgB0pzCqzOrEZSaM+GtVdLfB4oIwLxjiuGBXA84XEE7ovTVVH…
selectors probed

Certificate (current)

R12
from 2026-04-15 to 2026-07-14
Expires in 55 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://clusterfree.org/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
DENY
permissions-policy
camera=(self), microphone=(self), geolocation=()
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self' blob:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://*.supabase.co https://app.kit.com; frame-src 'self' https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self' https://formsubmit.co
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin

Links to (9)

Linked from (1)