getunleash.io

HTML metadata

Title: Feature Management Platform / Feature Flags for Large Enterprise
Description: Unleash is the FeatureOps Control Plane built for enterprises. Open source, private, and secure. Move fast, stay safe, and keep shipping.
Language: en
Canonical: https://www.getunleash.io/

Open Graph

url: https://www.getunleash.io/
title: Unleash: Open-Source Feature Management for Enterprises
locale: en_US
site name: Unleash
description: Private, secure, scalable, and ready for the most complex setups out-of-the-box. Cut down on costs, time, and technical debt. +18M Docker's downloads.

Technology

CDN: Vercel
CMS: Next.js

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

DNS records live

NS

ns-1002.awsdns-61.net
ns-1515.awsdns-61.org
ns-1938.awsdns-50.co.uk
ns-482.awsdns-60.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

OSSRH-68863
rippling-domain-verification=693f45286dc9c44a
v=MCPv1; k=ed25519; p=tL16xqxo0Ve3nk43iCE+3GQfzfH7J/hG08HLOyj6Agk=

Verified for

Brevo
Google

Email authentication strong

SPF

v=spf1 include:_spf.google.com include:mail.zendesk.com include:19521761.spf10.hubspotemail.net -all

strict (-all)

DMARC

v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@getunleash.io!10m; ruf=mailto:dmarc@getunleash.io!10m; rf=afrf; pct=100; ri=86400

policy: reject (enforced) · sp=reject

DKIM

google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUMsiq9smlcg8VD2q2FlnoJnPbx42eucp4G/s36f31Pz7YMn2+c35mWzwwcUVtJlEctLkIjrDCrK47dsfDsu…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
mail: k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…

selectors probed

Certificate (current)

Amazon RSA 2048 M01

from 2025-09-26 to 2026-10-25

Expires in 157 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.getunleash.io/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin
x-frame-options: DENY
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.amazonaws.com *.getunleash.io *.gstatic.com *.hotjar.com *.hsforms.com *.hsforms.net *.liadm.com *.list-manage.com *.plausible.io *.youtube.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com *.analytics.google.com *.calendly.com *.clarity.ms *.clearbitjs.com *.clearbitscripts.com *.getunleash.io *.google-analytics.com *.google.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hsforms.net *.hubspot.com *.liadm.com *.lfeeder.com *.redditstatic.com *.youtube.com cdn-cookieyes.com d3pkntwtp2ukl5.cloudfront.net googleads.g.doubleclick.net ipapi.co js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net optimize.google.com plausible.io snap.licdn.com static.ads-twitter.com static.hsappstatic.net static.reo.dev tracker.ub-analytics.com tracking-api.g2.com unpkg.com vercel.live; style-src 'report-sample' 'self' 'unsafe-inline' *.calendly.com *.getunl
strict-transport-security: max-age=63072000; includeSubDomains