knownorigin.io

HTML metadata

Technology

CDN

Cloudflare

Fonts

• Google Fonts

Third-party hosts loaded (2)

• fonts.googleapis.com×2
• fonts.gstatic.com×1

Social

• github

DNS records live

NS

• demi.ns.cloudflare.com
• harley.ns.cloudflare.com

MX

• 10 mx1.hc2186-24.iphmx.com
• 10 mx2.hc2186-24.iphmx.com

TXT

Show 6 TXT records

• pinterest-site-verification=bbb644341625fd6055f69c5aec95be58
• wallet-connect-dns-verification=55180bebc0e7e27a24fd6d366c05df876e2d96ee2f250196ecc7090267668a45
• MS=ms74428734
• facebook-domain-verification=rbgaperacnqmbu3kkokm4dua7iitvx
• fortmatic-site-verification=Y6rhxsugWsRvlMHP
• google-site-verification=63xQjqmYlRjZlxvCCLYVbOdFwnWUdIxEB6ydKLdGDYw

Email authentication strong

SPF

v=spf1 include:c._spf.ebay.com include:servers.mcsv.net include:mailgun.org ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; rua=mailto:ebay@rua.agari.com; ruf=mailto:ebay@ruf.agari.com; fo=1; rf=afrf; pct=100

policy: reject (enforced)

DKIM

no key found at common selectors

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://knownorigin.io/

present

• strict-transport-security
• content-security-policy
• x-frame-options
• x-content-type-options
• referrer-policy

findings

• short HSTS max-age
• CSP allows unsafe inline scripts/styles
• missing Permissions Policy

Links to (6)

• etherscan.io×2
• foundation.app×2
• github.com×2
• magiceden.io×2
• opensea.io×2
• rarible.com×2

Linked from (3)

• erc721.org×2
• dengltd.tech×2
• manchesterblockchainalliance.io×2