exxosforum.co.uk

.uk crawl

First seen 2026-05-08 · Last seen 2026-05-19 · ok HTTP/1.1 200 2244 ms crawled 2026-05-15

NL · 213.165.252.143 · AS22611 InMotion Hosting, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: exxos's Atari, Amiga & retro forum - Index page
Language: en-gb
Canonical: https://www.exxosforum.co.uk

Technology

Server: nginx

DNS records live

NS

ns43.domaincontrol.com
ns44.domaincontrol.com

MX

10 exxosforum.co.uk

Verified for

Google

Email authentication strong

SPF

v=spf1 mx a ip4:213.165.252.143 ip6:2a04:c5c0:0:100:f816:3eff:fe35:a116 ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; rua=mailto:abuse@exxosforum.co.uk;

policy: reject (enforced)

DKIM

default: v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+O8rkkwySRheJTRDLc4H8M91qKxjNdziX8AKGJA26OGljvQQh5bNxTNCpvWJQUpSEXTz…

selectors probed

Certificate (current)

R12

from 2026-04-10 to 2026-07-09

Expires in 50 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.exxosforum.co.uk/forum/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),fullscreen=(self),payment=()
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://maps.googleapis.com/maps/api/ https://exxosforum.co.uk https://www.exxosforum.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.google.com https://ajax.googleapis.com https://ajax.microsoft.com https://maps.google.com/maps/api/ *.googleapis.com https://js.stripe.com/v3/ https://cdn.jsdelivr.net https://challenges.cloudflare.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.jsdelivr.net https://js.stripe.com https://challenges.cloudflare.com; frame-src 'self' https://www.dailymotion.com https://*.assoc-amazon.com https://player.vimeo.com https://vimeo.com https://js.stripe.com/v3/ https://store.steampowered.com https://youtube.com https://www.youtube.com https://*.github.io/ https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.co
strict-transport-security: max-age=31536000; includeSubDomains

Links to (2)

atari-wiki.com×1
phpbb.com×1