filefactory.com

HTML metadata

Title: FileFactory - Simple & Unlimited File Sharing
Description: FileFactory - The simplest and most reliable file sharing service since 2005. Upload, collaborate, and share large files with unlimited downloads.
Language: en

Technology

CDN: Cloudflare
CMS: Next.js

Fonts

Google Fonts

Third-party hosts loaded (3)

fonts.googleapis.com×2
fonts.gstatic.com×1
uploadworker.holt-meyers.workers.dev×1

Registration

Registrar

GoDaddy.com, LLC

Created

2001-08-06

Expires

2026-08-06 78 days left

Updated

2022-09-03

Name servers

kip.ns.cloudflare.com
lola.ns.cloudflare.com

DNS records live

NS

kip.ns.cloudflare.com
lola.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 aspmx2.googlemail.com
10 aspmx3.googlemail.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

Show 8 TXT records

LXY6oTFkEiBj52kc0kCgGjs7i9wYVUiSv8fMsHYKZuc=
_globalsign-domain-verification=56LOD61hN-PXrDDIYtTFHZch0thJEqppNBeFXlD8t8
_globalsign-domain-verification=8clsf_CvDRTnX7jwAfD0bcSyb8VEuvqmAcmKyKeRPl
_globalsign-domain-verification=KBsZk3pRKAbePq3XsLsQ-We6Ve_1RNjeA31q_OnSqp
_globalsign-domain-verification=MrkaSvBVgE4Ammk3fxUsoDhz9yh40VyXAb2lsUjIPB
_globalsign-domain-verification=d0zHjabp5Y6wxItddwHDO1L36GIZJqEiuOZsSAyDPa
ca3-4def59622df94c1298c00f1d8b11bdcc
google-site-verification=uTE8baGmZc1DgvalZsDDPa1rC-4TF6w8ceXNI_HXq1M

Email authentication partial

SPF

v=spf1 a mx ip4:95.211.200.36 ip4:95.211.200.47 ip4:95.211.200.49 ip4:95.211.200.0/24 include:sendgrid.net include:_spf.google.com include:_spf.zdsys.com include:noc.filefactory.com include:w2.filefactory.com include:w3.filefactory.com include:w4.filefactory.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none

policy: none (monitoring only)

DKIM

Show 4 DKIM selectors

mail: k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDK5ckI2ne7naNyVORJFgH8IJsfk66FpvVsrZWtDqmmwkSbVFlZQnj/G/PqWTSZiZaak+o7duC8fjlUa2LoMgJoN3…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Z11zCeOhiYlkNMhLQp6qSalyuQsJFlbh0ZMppCZZjLc9JSgH/VzKhbdwLKy5TqKS7KkTUQwbJosnaIl0t…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCxtmKhYUFyGgXbl6shMFXfPq/mZ7o1VNSHFP24uyvBQBdGUanonPDqnb+1L7bJeidDZUwm4BjEGTH6LtL…
smtpapi: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76…

selectors probed

Certificate (current)

WE1

from 2026-04-15 to 2026-07-14

Expires in 55 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.filefactory.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
weak content type protection

Header values

referrer-policy: strict-origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options: DENY, SAMEORIGIN
permissions-policy: camera=(), microphone=(), geolocation=(), interest-cohort=(), payment=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=(), fullscreen=(self), autoplay=(self)
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://accounts.google.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.rybbit.io https://analytics.filefactory.com https://www.youtube.com https://s.ytimg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://uploadcdn.filefactory.com data:; img-src 'self' data: blob: https: http: *.filefactory.com transfers.filefactory.com imagedelivery.net *.googleapis.com *.gstatic.com *.google.com image.tmdb.org i.ytimg.com; media-src 'self' blob: https: http: *.filefactory.com; connect-src 'self' https://api.filefactory.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://accounts.google.c
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=31536000; includeSubDomains
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: same-origin