fabfitfun.com

First seen 2026-04-14 · Last seen 2026-05-12 · ok · HTTP/1.1 200 · 1150 ms · crawled 2026-05-07

US · 13.219.40.158 · AS14618 Amazon.com, Inc.

Reputation 95/100 · weak security headers

HTML metadata

Title
FabFitFun
Description
FabFitFun Box | Beauty, Wellness, Fitness and Fashion
Language
en

Technology

Server
Nginx
CMS
Gatsby
Fonts
  • Google Fonts

Third-party hosts loaded (1)

  • fonts.googleapis.com ×1

Registration

Registrar
Amazon Registrar, Inc.
Created
2010-01-15
Expires
2028-01-15 · 605 days left
Updated
2024-11-15
Name servers
  • ns-1041.awsdns-02.org
  • ns-1884.awsdns-43.co.uk
  • ns-441.awsdns-55.com
  • ns-955.awsdns-55.net

DNS records · live

NS
  • ns-1041.awsdns-02.org
  • ns-1884.awsdns-43.co.uk
  • ns-441.awsdns-55.com
  • ns-955.awsdns-55.net
MX
  • 10 mx1.hc4925-28.iphmx.com
  • 10 mx2.hc4925-28.iphmx.com
TXT
  • google-site-verification=1nsPpgT9yMzStHK1l2UIDbq5GIGEsSkWFTIN99E1Wbc
  • stripe-verification=01bea4ccb56c98a4abd71d974644db9ed5ba293723c0802009677beaa6975193
  • segment-site-verification=yqnARb3ze2xqC1AFulyBaLTygsaJKPku
  • MS=ms43633542
  • zapier-domain-verification-challenge=beae6b87-083e-4858-9ca1-6b3e33067c7a
  • _0es0z4t0fr351kdsh2o8xjoza41xiie
  • apple-domain-verification=qDCmlhu3I5UcuWVY
  • dropbox-domain-verification=5jzqi1nn2mth
  • atlassian-domain-verification=6szvj15dX4hbMb2YlLTcPtjVd8I1xDYK+PyPaOa0oRV1XwORV565dCSJi8qecwJf
  • h1-domain-verification=yQnD1K6uYWaL3EpppqSXTXrDz41YHkHLkQnzZmbXGXSgHS2y
  • mixpanel-domain-verify=6ec3aa29-6099-4d03-bdc4-601d07424731
  • facebook-domain-verification=yy1jp4ibjak033p20xlu865wnrdsru
  • anthropic-domain-verification-a91dnr=afWZn5rHckxznr2B4CnPRUMzs
  • 6gx9tl74hs6c50kr4svfnh9d5s8nv4qx
  • google-site-verification=qX4keTP4TxLNd0xu6Yhil9QIhwWUjpOj83OjX9443-U
  • bv-domain-verification=703c4515e664a850ac1281aae31f9988fd206b9d3a7351626b059d26c21dac6f
  • openai-domain-verification=dv-x3xvjRSFPnF0f6bp9YrPhGHC
  • google-site-verification=AANL5ROQdDnHLJJw0YBcn_hc_SAuU_mtNhvk8q7kDv8
  • canva-site-verification=c-q80judwj2NdDO1peQgnA
  • stripe-verification=dfe64d56e1d43452b2a025cf552b1afb102b1889ad7269596439d60084a6eb20

Email authentication · strong

SPF
v=spf1 include:_spf.google.com include:servers.mcsv.net include:mail.zendesk.com include:mg-spf.greenhouse.io include:spf.mandrillapp.com include:sendgrid.net include:_spf.salesforce.com ~all
softfail (~all)
DMARC
v=DMARC1; p=quarantine; adkim=r; aspf=s; rua=mailto:dmarc.responses@fabfitfun.com,mailto:re+bc1fedb339d7@inbound.dmarcdigests.com
policy: quarantine
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkflZrEshpZnD37oi5c05KKW0TpuhaHuiDWVPjxJSgcRQUCcMbkIhkpthfc/oS6O7Fkl6OfusVWM4wd…
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
  • smtpapi: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76…
selectors probed

Certificate (current)

DigiCert EV RSA CA G2
from 2025-10-10 to 2026-11-08
Expires in 172 days

HTTP security headers

Header hygiene 40/100 · Checked live page: https://fabfitfun.com/

present
  • content-security-policy-report-only
  • x-frame-options
findings
  • missing HSTS
  • missing Content Security Policy
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
content-security-policy-report-only
default-src 'self' *.fabfitfun.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fabfitfun.com *.recurly.com *.amazonaws.com *.ada.support www.dwin1.com *.google-analytics.com *.doubleclick.net www.googleadservices.com www.googletagmanager.com *.hcaptcha.com hcaptcha.com *.exitintel.com *.facebook.net *.facebook.com *.tiktok.com *.cookielaw.org *.segment.com *.tvsquared.com *.onetrust.com *.adsrvr.org sc-static.net *.zdassets.com *.crrnt.app *.pixlee.com *.roeyecdn.com *.amplitude.com *.bing.com *.googleapis.com *.exitintel.com *.jsdelivr.net *.datadoghq-browser-agent.com *.gladly.com *.braintreegateway.com *.paypal.com *.cloudflare.com *.hotjar.com *.clarity.ms accessibilityserver.org *.userway.org *.tryamped.com *.pinimg.com *.ads-twitter.com *.amped.io *.visualwebsiteoptimizer.com *.amazon-adsystem.com blob:; style-src * 'unsafe-inline' data: blob:; connect-src *; frame-src *; img-src * 'unsafe-inline' data: blob:; font-src * 'unsafe-inline' data: blob:; media-src * blob:; obje

Linked from (1)