flagsonthecheap.com

.com crawl

First seen 2026-04-22 · Last seen 2026-05-16 · ok HTTP/1.1 200 7831 ms crawled 2026-05-16

US · 3.164.206.94 · AS16509 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

sector ecommerce type blog

HTML metadata

Title: Custom Feather Flags for Cheap | 50% OFF TODAY!
Description: Custom Feather Flags and Regular Flags At Jaw-Dropping Prices! 50% Off When You Order Today! FAST SHIPPING!
Language: en
Generator: nopCommerce
Canonical: https://www.flagsonthecheap.com/

Technology

CDN: Amazon CloudFront
CMS: Ghost

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (5)

otcimages.basnop.com×13
fonts.googleapis.com×2
apis.google.com×1
widget.reviews.co.uk×1
www.googletagmanager.com×1

Contact

Phone

1-844-288-9434

Registration

Registrar

GoDaddy.com, LLC

Created

2016-06-24

Expires

2027-02-01 257 days left

Updated

2026-02-02

Name servers

ns-1511.awsdns-60.org
ns-2043.awsdns-63.co.uk
ns-372.awsdns-46.com
ns-713.awsdns-25.net

DNS records live

NS

ns-1511.awsdns-60.org
ns-2043.awsdns-63.co.uk
ns-372.awsdns-46.com
ns-713.awsdns-25.net

MX

10 mx.zoho.com
20 mx2.zoho.com
50 mx3.zoho.com

TXT

Show 4 TXT records

google-site-verification=QeUn_TRH-e1oQ8KLCBGYMNq6WR5qg6Fn2VRnWtJBDyg
zoho-verification=zb82078712.zmverify.zoho.com
facebook-domain-verification=dgj64iwtr50qpp968m51kwm9echd9d
google-site-verification=94Zq1SVZ0rQll_dOT7JEVjpNQMEMpa_LU4ei6Tjs0HY

Email authentication partial

SPF: v=spf1 include:zoho.com include:email.freshdesk.com include:cust-spf.exacttarget.com ~all
softfail (~all)
DMARC: v=DMARC1; p=none; sp=none; fo=0; ri=3600; rua=mailto:dmarc_agg@dmarc.everest.email; ruf=mailto:dmarc_fr@dmarc.everest.email
policy: none (monitoring only) · sp=none
DKIM: no key found at common selectors

Certificate (current)

Amazon RSA 2048 M02

from 2025-07-30 to 2026-08-28

Expires in 100 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.flagsonthecheap.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src * data: 'unsafe-inline'; font-src *; frame-src *; img-src * blob: data: ; media-src *; object-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; worker-src 'self' blob:; child-src blob:;
strict-transport-security: max-age=63072000; includeSubDomains

Links to (4)

Linked from (1)

signsonthecheap.com×2