kicksecure.com

.com crawl

First seen 2026-04-13 · Last seen 2026-05-07 · ok HTTP/1.1 200 444 ms crawled 2026-05-07

FI · 46.62.186.171 · AS24940 Hetzner Online GmbH

Reputation 75/100 listed in spam blocklist

Classifying

HTML metadata

Title

Kicksecure - Secure by Default Operating System

Description

A secure by default operating system with the latest security research in place.

Language

Generator

MediaWiki 1.45.3

Canonical

https://www.kicksecure.com/wiki/Homepage

Feeds

Kicksecure Atom feed Atom

Open Graph

url: https://www.kicksecure.com/wiki/Homepage
title: Kicksecure - Secure by Default Operating System
site name: Kicksecure
description: A secure by default operating system with the latest security research in place.

Technology

Server: nginx

Social

Registration

Registrar

NameCheap, Inc.

Created

2019-08-11

Expires

2029-08-11 1180 days left

Updated

2025-10-04

Name servers

dns1.registrar-servers.com
dns2.registrar-servers.com

DNS records live

NS

dns1.registrar-servers.com
dns2.registrar-servers.com

MX

10 kicksecure.com

TXT

google-site-verification=UFBMzZ5YHfFXgQW89SArZ0CLU8g_ri1ctSsqO2egNtQ
brave-ledger-verification=3a31aee17e564b31639333db31888b6c44758d25ff21d8b6377c8e93d51ff7de

Email authentication strong

SPF: v=spf1 a mx -all
strict (-all)
DMARC: v=DMARC1; p=reject; sp=reject; pct=100; fo=1; adkim=s; aspf=s; rf=afrf; ri=86400; rua=mailto:kicksecuredprojects-d@dmarc.report-uri.com; ruf=mailto:adrelanos@kicksecure.com
policy: reject (enforced) · sp=reject
DKIM: no key found at common selectors

Certificate (current)

from 2026-04-03 to 2026-07-02

Expires in 44 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://www.kicksecure.com/

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(self), clipboard-write=(self), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob:;
strict-transport-security: max-age=63072000; includeSubdomains; preload
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-site
content-security-policy-report-only: script-src 'unsafe-eval' blob: 'self' 'unsafe-inline'; default-src * data: blob:; style-src * data: blob: 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1

Links to (15)

Linked from (1)

whonix.org×2