flathub.org

.org toplist crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 1480 ms crawled 2026-05-18

GB · 199.232.57.91 · AS54113 Fastly, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title

Flathub - Apps for Linux | Flathub

Description

Find and install hundreds of apps and games for Linux. Enjoy Firefox, Telegram, RetroArch, GIMP and many more!

Language

Canonical

https://flathub.org/en

Feeds

Flathub – New Apps RSS
Flathub – Recently Updated Apps RSS

Open Graph

url: https://flathub.org/en
title: Flathub - Apps for Linux
description: Find and install hundreds of apps and games for Linux. Enjoy Firefox, Telegram, RetroArch, GIMP and many more!

Technology

Server: openresty
CMS: Next.js

Third-party hosts loaded (1)

webstats.gnome.org×1

Social

Registration

Registrar

Gandi SAS

Created

2016-09-27

Expires

2028-09-27 861 days left

Updated

2025-06-03

Name servers

ns1.mythic-beasts.com
ns2.mythic-beasts.com
ns3.mythic-beasts.com

DNS records live

NS

ns1.mythic-beasts.com
ns2.mythic-beasts.com

MX

10 mx1.mythic-beasts.com
10 mx2.mythic-beasts.com

TXT

libera-iE!2PbqoQsUaDXkRDrbAX2_j
google-site-verification=dx31iPPogfYIT71Uj7QjNKEFg_tqGmWiqP7XW-s-zgw

Email authentication weak

SPF: v=spf1 include:_spf.mythic-beasts.com ~all
softfail (~all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

GlobalSign Atlas R3 DV TLS CA 2026 Q1

from 2026-01-25 to 2027-02-26

Expires in 283 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://flathub.org/en

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: Deny
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(self), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: base-uri 'self' https://flathub.org; form-action 'none'; style-src 'self' 'unsafe-inline' https://dl.flathub.org; font-src 'self' https://dl.flathub.org; connect-src 'self' https://flathub.org https://builds.flathub.org/api/ https://webstats.gnome.org https://api.stripe.com https://maps.googleapis.com https://o467221.ingest.sentry.io/api/6610580/; img-src 'self' https://dl.flathub.org https://webstats.gnome.org https://avatars.githubusercontent.com https://gitlab.com https://gitlab.gnome.org https://lh3.googleusercontent.com https://secure.gravatar.com https://invent.kde.org https://imgproxy.flathub.org data:; frame-ancestors 'none'; frame-src 'self' https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com;
strict-transport-security: max-age=300

Links to (1)

github.com×4