goodgym.org

HTML metadata

Title: GoodGym - Workout for the future | GoodGym - Workout for the future
Description: GoodGym is a community of people who get fit by doing good. We run, walk, and cycle to help community organisations and isolated older people with practical…
Language: en
Canonical: https://www.goodgym.org/

Open Graph

url: https://www.goodgym.org/
title: GoodGym - Workout for the future
description: GoodGym is a community of people who get fit by doing good. We run, walk, and cycle to help community organisations and isolated older people with practical tasks.

Technology

CDN: Amazon CloudFront
Server: Heroku
CMS: Gatsby

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (5)

fonts.googleapis.com×3
cdn.jsdelivr.net×2
fonts.gstatic.com×1
www.facebook.com×1
www.googletagmanager.com×1

Social

Registration

Registrar

eNom, LLC

Created

2012-02-03

Expires

2029-02-03 991 days left

Updated

2019-02-04

Name servers

ns-1156.awsdns-16.org
ns-1569.awsdns-04.co.uk
ns-319.awsdns-39.com
ns-681.awsdns-21.net

DNS records live

NS

ns-1156.awsdns-16.org
ns-1569.awsdns-04.co.uk
ns-319.awsdns-39.com
ns-681.awsdns-21.net

MX

Show 7 MX records

10 aspmx.l.google.com
20 alt1.aspmx.l.google.com
20 alt2.aspmx.l.google.com
30 aspmx2.googlemail.com
30 aspmx3.googlemail.com
30 aspmx4.googlemail.com
30 aspmx5.googlemail.com

TXT

facebook-domain-verification=4341a1rnqihkr0ofc3991ecotm0167
google-site-verification=DgI7_VQ2sr64_YliTWrQihP8a44MB765aPT3sXgjMxI

Email authentication partial

SPF

v=spf1 include:servers.mcsv.net include:spf.mandrillapp.com include:email1.kayako.com include:_spf.google.com include:mail.zendesk.com ?all

neutral (?all)

DMARC

v=DMARC1; p=none; rua=mailto:dmarc@goodgym.org

policy: none (monitoring only)

DKIM

Show 5 DKIM selectors

google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChg1Il+d3T/6nW4MV3NaKHHc5lxN/LZXGUMb2ES4nnTTbEf1pmDh640Fo1dWSpT+E1Ts7cA7F0MTL1xDCLm9…
k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4bvSr74+M8Q0FbFsbnPp8EST8zxEZZVZtqrclUJnD+/lt5i1x73tV+5TFJFHsdOJrLBO8Ge5ZdbAduut9…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDE/e4Dlv8H5TtNyj+KN/VF2DpHqryANmHffY1IHG0pkCzqlxiZNYDG1A1zXHlfUy7KEwUcp74hJrbaCydVDJs5Uw…

selectors probed

Certificate (current)

Amazon RSA 2048 M01

from 2025-10-23 to 2026-11-22

Expires in 187 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.goodgym.org/?[object%20Object]

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
cross-origin-opener-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: same-origin,strict-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: script-src 'self' 'nonce-4c5864a97934' https://browser.sentry-cdn.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maps.googleapis.com https://connect.facebook.net https://c0.adalyser.com https://www.redditstatic.com;script-src-elem 'self' https://static.hotjar.com https://script.hotjar.com https://browser.sentry-cdn.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maps.googleapis.com https://connect.facebook.net https://c0.adalyser.com https://www.redditstatic.com 'unsafe-inline';connect-src 'self' ws: *.sentry.io maps.googleapis.com *.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.adalyser.com https://*.redditstatic.com https://alb.reddit.com;font-src https://fonts.gstatic.com;img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com goodgym-uploads.s3.eu-west-1.amazonaws.com d2tfd645274ffx.cloudfront.net https://a.tile.openstreetmap
strict-transport-security: max-age=15552000; includeSubDomains
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin

Links to (3)

Linked from (2)

hallmarkfoundation.org.uk×1
civic.co×1