getcodeviolations.com

.com crawl

First seen 2026-04-19 · Last seen 2026-04-19 · ok HTTP/1.1 200 7196 ms crawled 2026-05-13

US · 104.21.36.171 · AS13335 Cloudflare, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title: Code Violation Leads for Contractors | CodeViolations
Description: Get code violation leads daily — addresses of properties with open violations. Built for roofers, plumbers, painters & HVAC contractors. 29+ states. Free trial.
Language: en
Canonical: https://getcodeviolations.com/

Open Graph

url: https://getcodeviolations.com/
title: Code Violation Leads for Contractors
site name: CodeViolations
description: Get code violation leads daily — addresses of properties with open violations. Built for roofers, plumbers, painters & HVAC contractors. 29+ states. Free trial.

Technology

CDN: Cloudflare
CMS: Gatsby

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (5)

fonts.googleapis.com×4
unpkg.com×2
cdn.tailwindcss.com×1
fonts.gstatic.com×1
www.googletagmanager.com×1

Contact

Address: 131 Continental Dr, Suite 305, 19713, Newark, DE, US

Registration

Registrar

Cloudflare, Inc.

Created

2026-03-22

Expires

2027-03-22 306 days left

Updated

2026-03-22

Name servers

greg.ns.cloudflare.com
luciane.ns.cloudflare.com

DNS records live

NS

greg.ns.cloudflare.com
luciane.ns.cloudflare.com

MX

24 route3.mx.cloudflare.net
30 route1.mx.cloudflare.net
59 route2.mx.cloudflare.net

TXT

google-site-verification=mtOcNMhIlNWskZIjiv2XBPAFVWImPBtWwmxbvH3VAT8

Email authentication weak

SPF: v=spf1 include:_spf.mx.cloudflare.net ~all
softfail (~all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

from 2026-03-22 to 2026-06-20

Expires in 31 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://getcodeviolations.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: DENY
permissions-policy: camera=(), microphone=(self), geolocation=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.tailwindcss.com https://unpkg.com https://defiro-agent.vercel.app https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.tailwindcss.com https://defiro-agent.vercel.app; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://defiro-agent.vercel.app wss://proactive-encouragement-production-0964.up.railway.app wss://*.railway.app https://*.railway.app https://*.supabase.co wss://*.supabase.co https://generativelanguage.googleapis.com wss://generativelanguage.googleapis.com https://*.googleapis.com wss://*.googleapis.com; frame-src https://defiro-agent.vercel.app https://www.google.com https://maps.google.com
strict-transport-security: max-age=63072000; includeSubDomains

Linked from (1)

listyourtool.com×1