indexo.dev

holopin.io

.io crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 4559 ms crawled 2026-05-19

US · 76.76.21.21 · AS16509 Amazon.com, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Awesome Digital Badges for Skills and Achievements | Works on GitHub, GitLab, and integrates with Your Website and Social Media
Description
Get recognized and validate your skills and achievements with digital badges that work on GitHub, GitLab, and social media platforms. Our platform makes it easy to create, issue, and collect badges for the things you do best.

Technology

CDN
Vercel
CMS
Next.js
Fonts
  • Google Fonts

Third-party hosts loaded (2)

  • fonts.googleapis.com×3
  • fonts.gstatic.com×1

Social

Contact

Email

DNS records live

NS
  • ns-1212.awsdns-23.org
  • ns-1674.awsdns-17.co.uk
  • ns-415.awsdns-51.com
  • ns-602.awsdns-11.net
MX
  • 1 aspmx.l.google.com
  • 10 alt3.aspmx.l.google.com
  • 10 alt4.aspmx.l.google.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
  • atlassian-sending-domain-verification=e2acd023-8484-46c5-b549-896329ff81b4
Verified for
  • Atlassian
  • Google

Email authentication weak

SPF
v=spf1 include:amazonses.com include:_spf.google.com ~all
softfail (~all)
DMARC
not published
DKIM
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWjBctw/oREbju79FyqF1/5Q7cZrZMn4sSUYkyrbLEYSnwrn/gXuMJKlHZbpTK3EdHBfYBhaz3jC/fyKGD…
  • s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2fbmA4qYa/qh4TbZmWwJPuz4GqgDsYgeEj+G3ZY1HaVNlGULWu8qhzouzwwWyog04ZgC0IWL2mRjuYT8d…
selectors probed

Certificate (current)

R13
from 2026-05-11 to 2026-08-09
Expires in 80 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.holopin.io/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
DENY
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' ; img-src 'self' 'unsafe-inline' https://assets.holopin.io/ https://avatars.githubusercontent.com/ https://boards.holopin.io data: https://sa.holopin.io/; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; script-src-elem 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://sa.holopin.io; font-src 'self' https://fonts.gstatic.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' https://holopin-assets.s3.amazonaws.com/;
strict-transport-security
max-age=63072000

Links to (8)

Linked from (3)