flow48.com

.com crawl

First seen 2026-05-08 · Last seen 2026-05-15 · ok HTTP/1.1 200 1446 ms crawled 2026-05-15

US · 104.26.0.106 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: Flow 48 website
Description: Flow 48 homepage
Language: en

Technology

CDN: Cloudflare
CMS: Next.js

Cookie consent

Cookiebot

Fonts

Google Fonts

Third-party hosts loaded (2)

consent.cookiebot.com×1
fonts.gstatic.com×1

Social

Registration

Registrar

Amazon Registrar, Inc.

Created

2021-09-04

Expires

2026-09-04 108 days left

Updated

2025-07-31

Name servers

damien.ns.cloudflare.com
shubhi.ns.cloudflare.com

DNS records live

NS

damien.ns.cloudflare.com
shubhi.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

google-site-verification=f-URf2IK6JNI1rHRjuZheXxdNlWeFLo8Ao6utlU0bCY
google-site-verification=JePqAyxTtxXe53MUe58JaAwMnMk7E_kfkE0UYJfElS4

Email authentication strong

SPF

v=spf1 mx include:_spf.salesforce.com include:_spf.google.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; pct=100; rua=mailto:wjzd28ht@ag.eu.dmarcian.com, mailto:techadmin@flow48.com;

policy: reject (enforced)

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkq/PCAgXbU9yn0Si3oNdga5nz8Ct1XsJZlWFOmQ5mDblPjIhFBzPU3WZaoIeXe3d1AKuIUYrz4bWXI…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

WE1

from 2026-04-28 to 2026-07-27

Expires in 69 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.flow48.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: camera=(), microphone=(), geolocation=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data: https: https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com https://fonts.intercomcdn.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://*.cookiebot.com https://*.intercom.io https://*.intercomcdn.com https://*.youtube.com https://js-agent.newrelic.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://*.nr-data.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com https://www.gstatic.com; connect-src 'self' https://*.cookiebot.com https://*.intercom.io https://*.intercomcdn.com wss://*.intercom.io https://*.nr-data.net https://bam.eu01.nr-data.net https://js-agent.newrelic.com https://*.hotjar.com wss://*.hotjar.c
strict-transport-security: max-age= 15768000; includeSubDomains; preload

Links to (1)

linkedin.com×1

Linked from (1)

blockchainff.com×1