indexo.dev

grepjason.sh

.sh user

First seen 2026-05-13 · Last seen 2026-05-13 · ok HTTP/1.1 200 265 ms crawled 2026-05-13

US · 172.67.165.66 · AS13335 Cloudflare, Inc.

Reputation 87/100 weak security headers no dmarc policy

sector tech type homepage

HTML metadata

Title
readme.md - Hey, it's Jason!
Description
readme.md - Hey, it's Jason!
Language
en

Open Graph

description
readme.md - Hey, it's Jason!

Technology

CDN
Cloudflare

Third-party hosts loaded (1)

  • publish-01.obsidian.md×4

DNS records live

NS
  • clara.ns.cloudflare.com
  • hunts.ns.cloudflare.com
MX
  • 1 fwd1.porkbun.com
  • 1 fwd2.porkbun.com
  • 10 fwd1.porkbun.com
  • 20 fwd2.porkbun.com

Email authentication weak

SPF
v=spf1 include:_spf.porkbun.com ~all
softfail (~all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

WE1
from 2026-04-29 to 2026-07-28
Expires in 69 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://grepjason.sh/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src 'self' *.obsidian.md; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.obsidian.md blob: https://*:*; frame-src 'self' https://*:* http://127.0.0.1:*; child-src 'self' * blob:; style-src 'self' 'unsafe-inline' https://*:* http://127.0.0.1:*; font-src * https://*:* data: blob:; img-src * data: blob:; media-src * data: blob:; connect-src 'self' 'unsafe-eval' ws://*:* http://*:*