davidlin.io
HTML metadata
Technology
- CDN
- Vercel
- CMS
- Next.js
Social
DNS records live
- NS
-
- dns1.registrar-servers.com
- dns2.registrar-servers.com
- MX
-
- 10 eforward1.registrar-servers.com
- 10 eforward2.registrar-servers.com
- 10 eforward3.registrar-servers.com
- 15 eforward4.registrar-servers.com
- 20 eforward5.registrar-servers.com
Email authentication weak
- SPF
-
v=spf1 include:spf.efwd.registrar-servers.com ~allsoftfail (~all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R13
Expires in 71 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing content type protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.vercel-insights.com vercel.live va.vercel-scripts.com challenges.cloudflare.com https://js.hcaptcha.com https://newassets.hcaptcha.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: blob: https: http:; media-src 'self' https://*.dlin.org https://szgnatihgn8qvta8.public.blob.vercel-storage.com blob: data:; connect-src 'self' vitals.vercel-insights.com va.vercel-scripts.com ipapi.co ip-api.com challenges.cloudflare.com https://api.hcaptcha.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://challenges.cloudflare.com https://newassets.hcaptcha.com- strict-transport-security
max-age=63072000
Links to (14)
- accenture.com×2
- adobe.com×2
- arxiv.org×2
- dribbble.com×2
- github.com×2
- github.io×2
- google.com×2
- google.org×2
- runwayml.com×2
- thecvf.com×2
- unsplash.com×2
- vercel.app×2
- xiameng.org×2
- youtube.com×2