fable.co

.co crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 349 ms crawled 2026-05-18

US · 34.110.143.206 · AS396982 Google LLC

Reputation 100/100

sector entertainment type homepage

HTML metadata

Title: Fable | Stories for everyone
Language: en

Technology

Server: nginx

Cookie consent

Osano

Fonts

Google Fonts

Third-party hosts loaded (7)

fablecdn.net×6
fonts.googleapis.com×6
fonts.gstatic.com×2
images.ctfassets.net×2
cmp.osano.com×1
geoip-js.com×1
unpkg.com×1

DNS records live

NS

ns-cloud-d1.googledomains.com
ns-cloud-d2.googledomains.com
ns-cloud-d3.googledomains.com
ns-cloud-d4.googledomains.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

firebase=fable-backend

Verified for

Apple
Google
Microsoft 365

Email authentication strong

SPF

v=spf1 include:_spf.google.com include:_spf.firebasemail.com include:helpscoutemail.com include:custom-email-domain.stripe.com  ~all

softfail (~all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:keith+dmarc@fable.co

policy: quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvD2SKb6aPslRDSyG/BZzEQIdIMmGQGOE9EHAUUaxuMjkNZRZJN9EjzOoPE8ZwtM/smBRbaF83msUh…
k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…

selectors probed

Certificate (current)

WR3

from 2026-04-30 to 2026-07-29

Expires in 69 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://fable.co/

present

strict-transport-security
content-security-policy
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-content-type-options: nosniff
content-security-policy: default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'self' chrome-extension:; script-src 'self' 'unsafe-inline' blob: tagmanager.google.com www.googleanalytics.com www.googleoptimize.com optimize.google.com static.ads-twitter.com www.youtube.com apis.google.com beacon-v2.helpscout.net cdn.cookielaw.org cdn.segment.com connect.facebook.net geoip-js.com js.stripe.com geoip-js.com script.hotjar.com snap.licdn.com static.hotjar.com www.googletagmanager.com cdn.ably.com app.link *.google-analytics.com fablecdn.net *.fablecdn.net unpkg.com analytics.tiktok.com www.redditstatic.com *.osano.com; style-src 'unsafe-inline' 'self' cdn.jsdelivr.net tagmanager.google.com www.googletagmanager.com fonts.googleapis.com optimize.google.com fablecdn.net *.fablecdn.net *.osano.com; connect-src 'self' wss: www.facebook.com api.staging.fable.co api.fable.co cdn.fable.co geolocation.onetrust.com geoip-js.com api.segment.io cdn.segment.com cdn.cookielaw.org graphql.contentful.com identity
strict-transport-security: max-age=31536000