jloh.co

.co crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 1392 ms crawled 2026-05-18

DE · 63.176.8.218 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title

James Loh

Description

Hi! I’m James, a systems engineer from Melbourne. I’ve built GeoJS, a free geo-location lookup API. Welcome to my corner of the internet.

Language

en-AU

Generator

Hugo 0.155.3

Canonical

https://jloh.co/

Feeds

Open Graph

url: https://jloh.co/
title: James Loh
locale: en_AU
site name: James Loh
description: Hi, I’m James. I’m an infrastructure engineer at Ghost and specialise in building robust highly available systems.

Technology

CDN: Netlify
CMS: Hugo

Third-party hosts loaded (3)

webmention.io×2
aus.social×1
github.com×1

Social

DNS records live

NS

jack.ns.cloudflare.com
kim.ns.cloudflare.com

MX

10 in1-smtp.messagingengine.com
20 in2-smtp.messagingengine.com

TXT

hibp-verify=dweb_92w0d7hrsayv94msl7a3cjzv
keybase-site-verification=Wn6EA1b46WFHpjXvrjHh9iyl8jk8msKXy1fx__H8Pos

Verified for

Google

Email authentication strong

SPF

v=spf1 include:spf.messagingengine.com include:servers.mcsv.net include:amazonses.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:dmarc_rua@jloh.co; ruf=mailto:dmarc_ruf@jloh.co;

policy: reject (enforced)

DKIM

k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…

selectors probed

Certificate (current)

from 2026-04-28 to 2026-07-27

Expires in 66 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://jloh.co/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
x-content-type-options: nosniff
content-security-policy: connect-src 'self'; default-src 'none'; form-action 'self'; frame-ancestors 'none'; frame-src www.youtube-nocookie.com; img-src 'self' data: i.ytimg.com; manifest-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload

Links to (4)

Linked from (1)

geojs.io×4