cmsmax.com

HTML metadata

Title: CMS Max | A Blazing Fast & SEO friendly eCommerce Website Builder
Description: CMS Max has designed an extremely fast and incredibly powerful SEO website platform. With our search engine friendly code, you can take your business to new heights!
Language: en
Canonical: https://cmsmax.com/

Open Graph

url: https://cmsmax.com
title: CMS Max | A Blazing Fast & SEO friendly eCommerce Website Builder
description: CMS Max has designed an extremely fast and incredibly powerful SEO website platform. With our search engine friendly code, you can take your business to new heights!
updated time: 2026-04-25T18:34:21.000000Z

Technology

CDN: Cloudflare

Analytics

Google Tag Manager

Third-party hosts loaded (7)

media.cmsmax.cloud×32
fastimage.cmsmax.app×7
unpkg.com×3
cdn.jsdelivr.net×2
cdn.n1ed.com×2
api.hcaptcha.com×1
www.googletagmanager.com×1

Social

Contact

Address: 1661 Empire Boulevard, 14580, Webster, New York, US

Registration

Registrar

GoDaddy.com, LLC

Created

2004-03-16

Expires

2032-06-01 2205 days left

Updated

2023-01-21

Name servers

ns1.cmsmax.com
ns2.cmsmax.com
ns3.cmsmax.com
ns4.cmsmax.com

DNS records live

NS

ns1.cmsmax.com
ns2.cmsmax.com
ns3.cmsmax.com
ns4.cmsmax.com

MX

1 smtp.google.com

TXT

Show 7 TXT records

google-site-verification=N1es7LtUeWqdzfblB_mo0mYeRcVZP74cuRsOUuhUeDM
google-site-verification=PYoLeCF-SEMOeU-JD6bf53b3lWcFqx6JmWDVfpXAL2g
google-site-verification=o0oP2Rs4sGuZaP7GxBlTtPOWJ4RCIDD1be7Iv6Pcw_g
l=https://cmsmax.com/public-path-to-svgfile/cms-max-logo-2023-circle.svg; a=;"
stripe-verification=ce7362e59085c9a566d1d24c5fcd6c091c28f7a361537faa4b082083896f3acf
"default._bimi.cmsmax.com TXT v=BIMI1;
facebook-domain-verification=n81qhnpvnl37h426g4j9iv0abw208o

Email authentication partial

SPF

v=spf1 include:_spf.google.com include:spf.mailgun.org include:email.chargebee.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none; rua=mailto:re+4c645ebeaeff@inbound.dmarcdigests.com

policy: none (monitoring only)

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXro/6gArUAgR/gbRjl+kD53H3iT8LKUAD05EZ5Lkoy9DlL+/zL3sHS8urTAgd0ldlwYsOQp2PHn+d…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0b2y0eoKirHKVKJX171dfgTvA5W5H8mj9QcIVVpyC5YVrv/nMHZT2bfPZ71sqti89QbTcin27dqUNvpym…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWHr7DsSSp2+JvOANo66na9+GbNPXdjiwsTNLSn9vAhfk/P5sKpy1baYBCG/2najlI/SdpGWjiIrBRcYo4…

selectors probed

Certificate (current)

WE1

from 2026-04-06 to 2026-07-05

Expires in 47 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://cmsmax.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: camera=(self), microphone=(self), usb=(), accelerometer=(), gyroscope=(), magnetometer=(), geolocation=*, payment=(self), fullscreen=*, picture-in-picture=*, autoplay=*
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src * data: blob: wss: ws:; child-src * data: blob:; frame-src 'self' https:; media-src 'self' blob: https:; worker-src * data: blob:; manifest-src *; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'self'; upgrade-insecure-requests
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: same-origin-allow-popups