convesiopay.com
HTML metadata
Technology
- CDN
- Cloudflare
- Fonts
-
- Google Fonts
Third-party hosts loaded (2)
- fonts.googleapis.com×1
- fonts.gstatic.com×1
Registration
- Registrar
- Cloudflare, Inc.
- Created
- 2023-06-16
- Expires
- 2027-06-16 392 days left
- Updated
- 2026-05-17
- Name servers
-
- karina.ns.cloudflare.com
- watson.ns.cloudflare.com
DNS records live
- NS
-
- karina.ns.cloudflare.com
- watson.ns.cloudflare.com
- MX
-
- 13 route3.mx.cloudflare.net
- 17 route2.mx.cloudflare.net
- 3 route1.mx.cloudflare.net
Email authentication weak
- SPF
-
v=spf1 include:_spf.mx.cloudflare.net ~allsoftfail (~all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
WE1
Expires in 57 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- cross-origin-opener-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
no-referrer- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src *;script-src * https://convesio.unthread.io 'unsafe-inline';connect-src * https://convesio.unthread.io;frame-ancestors 'none';object-src *;img-src 'self' data: https://*.adyen.com https://assets.unthread.io;base-uri 'self';font-src 'self' https: data:;form-action 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests- strict-transport-security
max-age=31536000; includeSubDomains- cross-origin-opener-policy
same-origin-allow-popups- cross-origin-resource-policy
same-origin