indexo.dev

gfstudio.com

.com crawl

First seen 2026-04-12 · Last seen 2026-05-12 · ok HTTP/1.1 200 4387 ms crawled 2026-05-05

NL · 94.237.110.17 · AS202053 UpCloud Ltd

Reputation 100/100

Classifying

HTML metadata

Title
Home - GF Studio
Language
it
Canonical
https://www.gfstudio.com/it

Open Graph

url
https://www.gfstudio.com/it
title
Home

Technology

Server
nginx
Analytics
  • Google Tag Manager
Cookie consent
  • Iubenda
Fonts
  • Google Fonts

Third-party hosts loaded (4)

  • cdn.iubenda.com×2
  • cs.iubenda.com×1
  • fonts.googleapis.com×1
  • www.googletagmanager.com×1

Contact

Email
Phone
Address
via Levata 12Seriate (Bergamo)

DNS records live

NS
  • ns1.register.it
  • ns2.register.it
MX
  • 10 esva.sfera.net
  • 10 esva2.sfera.net
TXT
  • v=spf1 mx a ip4:94.237.96.163 ip4:94.237.101.187 ip4:94.237.102.107 ip4:80.91.53.20 ip4:80.91.51.18 ip4:80.91.51.20 ip4:94.237.110.14 ip4:94.237.110.209 ip4:94.237.110.210 ~all
  • brevo-code:887fc1ff14ab9e8849fd8af765a3216c

Certificate (current)

Sectigo Public Server Authentication CA DV R36
from 2025-11-08 to 2026-11-25
Expires in 189 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://www.gfstudio.com/it

present
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
sameorigin
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.gstatic.com *.iubenda.com *.fontawesome.com *.google-analytics.com *.jquery.com *.bootstrapcdn.com cdnjs.cloudflare.com *.g.doubleclick.net; object-src 'self' blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.jquery.com *.fontawesome.com *.bootstrapcdn.com cdnjs.cloudflare.com; img-src 'self' data: blob: *.googlesyndication.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.google.it *.g.doubleclick.net *.jquery.com *.iubenda.com media.gfstudio.com; media-src 'self' media.gfstudio.com; frame-src 'self' *.google.com *.iubenda.com *.youtube-nocookie.com; font-src 'self' data: *.gstatic.com *.fontawesome.com *.bootstrapcdn.com; connect-src 'self' blob: *.google.com *.googlesyndication.com *.google-analytics.com *.g.doubleclick.net *.iubenda.com

Links to (1)

Linked from (8)