indexo.dev

contactfile.app

.app crawl

First seen 2026-05-07 · Last seen 2026-05-07 · ok HTTP/1.1 200 267 ms crawled 2026-05-14

US · 104.21.41.151 · AS13335 Cloudflare, Inc.

Reputation 92/100 no dmarc policy

sector tech type app saas

HTML metadata

Title
ContactFile — Private contact parser for Google, Apple, and more
Description
A free, private contact parser. Paste signatures or business cards — file to Google Contacts or as .vcf for Apple Mail, Outlook, ProtonMail, and more.
Language
en
Canonical
https://contactfile.app/
Translations
  • en
  • es
  • fr

Open Graph

url
https://contactfile.app/
title
ContactFile — Private contact parser for Google, Apple, and more
locale
en_US
site name
ContactFile
description
A free, private contact parser. Paste signatures or business cards — file to Google Contacts or as .vcf for Apple Mail, Outlook, ProtonMail, and more.
locale:alternate
es_ES

Technology

CDN
Cloudflare

Third-party hosts loaded (2)

  • accounts.google.com×1
  • cloud.umami.is×1

DNS records live

NS
  • donovan.ns.cloudflare.com
  • wanda.ns.cloudflare.com
MX
  • 65 route1.mx.cloudflare.net
  • 85 route3.mx.cloudflare.net
  • 99 route2.mx.cloudflare.net
TXT
  • google-site-verification=pClQWT4L6H9lyJ9KBKmYdVw4oxAdA7AcMQqWuZBSpuI

Email authentication weak

SPF
v=spf1 include:_spf.mx.cloudflare.net ~all
softfail (~all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

WE1
from 2026-04-21 to 2026-07-20
Expires in 62 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://contactfile.app/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
DENY
permissions-policy
camera=(), microphone=(), geolocation=(), payment=(), usb=(), interest-cohort=()
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' https://accounts.google.com https://cloud.umami.is https://static.cloudflareinsights.com; connect-src 'self' https://people.googleapis.com https://accounts.google.com https://oauth2.googleapis.com https://cloud.umami.is https://api-gateway.umami.dev https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://accounts.google.com; font-src 'self'; frame-src https://accounts.google.com; img-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self';
strict-transport-security
max-age=31536000; includeSubDomains; preload

Linked from (1)