gridlines.io
gridlines.io
HTML metadata
Technology
- CDN
- Amazon CloudFront
- Server
- nginx
- CMS
- Next.js
DNS records live
- NS
-
- ns-1495.awsdns-58.org
- ns-1802.awsdns-33.co.uk
- ns-50.awsdns-06.com
- ns-810.awsdns-37.net
- MX
-
- 1 aspmx.l.google.com
- 10 alt3.aspmx.l.google.com
- 10 alt4.aspmx.l.google.com
- 5 alt1.aspmx.l.google.com
- 5 alt2.aspmx.l.google.com
- Verified for
-
Email authentication partial
- SPF
-
v=spf1 include:_spf.google.com include:amazonses.com include:sendersrv.com ~allsoftfail (~all) - DMARC
-
v=DMARC1;p=none;pct=25;rua=mailto:tech@gridlines.iopolicy: none (monitoring only) · pct=25 - DKIM
-
- google:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCNqSVHjmBFjlZzCrw1EyAXKo6UY4Z6Ydl0HWaDh/woymmz48dy8A14L06qwMOsZU9erfglxUHz34ejUmEP3z…
selectors probed - google:
Certificate (current)
Amazon RSA 2048 M01
Expires in 167 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline'; object-src 'none'; img-src 'self' https: data:; frame-src 'self' https://*.jotform.com https://*.jotfor.ms https://www.google.com https://*.s3.ap-south-1.amazonaws.com data: blob:; connect-src 'self' https: blob:;- strict-transport-security
max-age=31536000