digitoys.io

.io crawl

First seen 2026-04-15 · Last seen 2026-05-07 · ok HTTP/1.1 200 922 ms crawled 2026-05-09

US · 13.33.235.113 · AS16509 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: Digitoys
Description: Collect the world’s most iconic characters (from brands like Disney, Mattel, and more) like never before.
Language: en
Canonical: https://digitoys.io

Open Graph

title: Digitoys
locale: en
site name: Digitoys
description: Collect the world’s most iconic characters (from brands like Disney, Mattel, and more) like never before.

Technology

CDN: Amazon CloudFront
CMS: Next.js

Social widgets

Vimeo Embed

Third-party hosts loaded (3)

cdn.sanity.io×47
cdn.cryptoys.com×13
player.vimeo.com×1

Social

Contact

Email

support@digitoys.io

DNS records live

NS

ns-1130.awsdns-13.org
ns-1655.awsdns-14.co.uk
ns-515.awsdns-00.net
ns-57.awsdns-07.com

MX

1 smtp.google.com

Email authentication weak

SPF

not published

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

google: v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6nCag8M3N7rhMHOZs9bCm6A8LA6elwo+ZY1x6u+zapL0ki+c5k7e7SPUE/ltmP2DwP/BFDRau9h01ibv…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaAzHVzJLdiPKDg5uriSRRivjfUUlnnQEj5obqMkUMdsImJ9uJs4uxT9GthDksLWjCur8EijFj+C5LG1mf…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoCXY8OlrD/yG43MZMShD1fgwKF+6N8WsNEwdPvmhSJcYxnnuFkf701tl7/aXdjJK+UDbvCl7KuJxGvlls…

selectors probed

Certificate (current)

Amazon RSA 2048 M01

from 2026-03-01 to 2026-09-15

Expires in 118 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://digitoys.io/

present

strict-transport-security
content-security-policy
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection

Header values

referrer-policy: strict-origin-when-cross-origin
permissions-policy: battery=(), camera=(), geolocation=(), gyroscope=(), microphone=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; object-src 'self' data:; connect-src 'self' https://digitoys.io https://cdn.cryptoys.com/ https://cdn.staging.cryptoys.com/ https://cdn.cryptoys.dev/ https://*.sanity.io https://*.digitoys.io https://formspree.io https://*.amazonaws.com https://telemetry.transcend.io https://transcend-cdn.com https://heapanalytics.com https://*.heapanalytics.com https://*.us.heap-api.com https://browser-intake-datadoghq.com https://*.browser-intake-datadoghq.com https://*.magic.link https://vitals.vercel-insights.com https://analytics.google.com https://*.stripe.com https://api.mainnet.abs.xyz; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://digitoys.io https://*.digitoys.io https://transcend-cdn.com https://*.stripe.com https://heapanalytics.com https://cdn.us.heap-api.com https://*.heapanalytics.com https://*.magic.link https://connect.facebook.net; worker-src blob: http://localhost:4204; font-src 'self' https://digitoys.io https://*.digitoys.io https://cdn.cryptoys.com ht
strict-transport-security: max-age=63072000; includeSubDomains; preload
cross-origin-opener-policy: same-origin