hoppscotch.io
HTML metadata
Technology
- CDN
- Vercel
DNS records live
- NS
-
- ns1.vercel-dns.com
- ns2.vercel-dns.com
- MX
-
- 1 aspmx.l.google.com
- 10 alt3.aspmx.l.google.com
- 10 alt4.aspmx.l.google.com
- 5 alt1.aspmx.l.google.com
- 5 alt2.aspmx.l.google.com
- TXT
-
Show 4 TXT records
00386709OJG6imaNGQAQM8Guz5s0EQ_8dj4Djek0lVh0jPBYjX4_posthog_verification=0197c9f7-8617-7671-a5dd-6b58a2ed0520firebase=postwoman-api
- Verified for
-
- Microsoft 365
Email authentication partial
- SPF
-
v=spf1 include:_spf.firebasemail.com -allstrict (-all) - DMARC
-
v=DMARC1; p=none; pct=100; rua=mailto:re+oa7idjangms@dmarc.postmarkapp.com; sp=none; aspf=r;policy: none (monitoring only) · sp=none - DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 77 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing content type protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- content-security-policy
frame-ancestors 'self'; default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';- strict-transport-security
max-age=63072000