get.app
HTML metadata
Technology
- Server
- sffe
- CMS
- Gatsby
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
Third-party hosts loaded (7)
- lh3.googleusercontent.com×122
- www.gstatic.com×7
- fonts.googleapis.com×3
- fonts.gstatic.com×1
- gstatic.com×1
- storage.googleapis.com×1
- www.googletagmanager.com×1
DNS records live
- NS
-
- ns1.zdns.google
- ns2.zdns.google
- ns3.zdns.google
- ns4.zdns.google
- TXT
-
google-site-verification=9tNmmC5ni1oixHxuaxhYYVDRZjLo6td8zBRhc4oT_Xg
Email authentication no MX
- SPF
- not published
- DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
WR2
Expires in 55 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-content-type-options
- cross-origin-opener-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- missing frame protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-content-type-options
nosniff- content-security-policy
script-src 'nonce-_nKv4nLK2ba0Z6SvqP-HyA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl; base-uri 'self'- strict-transport-security
max-age=31536000; includeSubDomains; preload- cross-origin-opener-policy
same-origin; report-to="uxe-owners-acl"- cross-origin-resource-policy
cross-origin
Links to (24)
- ahmedabadmetro.app×4
- albert.app×4
- bear.app×4
- bnext.app×4
- call.app×4
- cash.app×4
- cityhunt.app×4
- concepts.app×4
- cozzo.app×4
- fellow.app×4
- fluz.app×4
- get.dev×4
- google.com×4
- greg.app×4
- increase.app×4
- picnic.app×4
- podcast.app×4
- puppr.app×4
- shrew.app×4
- sitter.app×4
- snoop.app×4
- steps.app×4
- timelybills.app×4
- windy.app×4