dahliabakery.com

.com crawl

First seen 2026-04-15 · Last seen 2026-05-13 · ok HTTP/1.1 200 1853 ms crawled 2026-05-09

US · 151.101.1.75 · AS54113 Fastly, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: Dahlia Bakery | Artisan Breads & Handmade Pastries in Downtown Seattle, WA
Description: Find your favorite treat at Dahlia Bakery in Seattle! Shop our artisan breads, pastries, and desserts like cakes, pies, and the famous Oh Mochi Donut.
Language: en-US
Canonical: https://www.dahliabakery.com/

Open Graph

url: https://www.dahliabakery.com/
title: Dahlia Bakery | Artisan Breads & Handmade Pastries in Downtown Seattle, WA
site name: Dahlia Bakery | Artisan Breads & Handmade Pastries in Seattle, WA
description: Find your favorite treat at Dahlia Bakery in Seattle! Shop our artisan breads, pastries, and desserts like cakes, pies, and the famous Oh Mochi Donut.

Technology

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (14)

images.getbento.com×22
theme-assets.getbento.com×4
app-assets.getbento.com×3
www.googletagmanager.com×3
ajax.googleapis.com×1
assets-cdn-refresh.getbento.com×1
cdnjs.cloudflare.com×1
fonts.googleapis.com×1
fonts.gstatic.com×1
media-cdn.getbento.com×1
widgets.resy.com×1
wsv3cdn.audioeye.com×1
www.google.com×1
www.gstatic.com×1

Social

Contact

Phone

206-441-4540

Registration

Registrar

eNom, LLC

Created

2006-04-18

Expires

2026-11-26 190 days left

Updated

2025-11-25

Name servers

ns1.hover.com
ns2.hover.com

DNS records live

NS

ns1.hover.com
ns2.hover.com

Email authentication no MX

SPF: not published
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-04-27 to 2026-07-26

Expires in 67 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.dahliabakery.com/

present

strict-transport-security
content-security-policy
x-frame-options
cross-origin-opener-policy

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
content-security-policy: default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' * https://cdn.us.heap-api.com https://heapanalytics.com https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval'; script-src-elem * https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * https://heapanalytics.com https://viewer.threshold360.com blob: data:; style-src 'self' * https://heapanalytics.com https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval' blob:; connect-src 'self' * https://c.us.heap-api.com https://heapanalytics.com https://viewer.threshold360.com wss://viewer.threshold360.com blob:; font-src 'self' * https://heapanalytics.com https://viewer.threshold360.com data:; frame-src 'self' * https://viewer.threshold360.com; worker-src * blob:; media-src * blob: data:; frame-ancestors 'self';
strict-transport-security: max-age=2592000; includeSubDomains
cross-origin-opener-policy: same-origin