kollective.app

.app crawl

First seen 2026-04-15 · Last seen 2026-05-09 · ok HTTP/1.1 200 1094 ms crawled 2026-05-09

US · 162.159.135.83 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: Sign In
Description: Sign in page for Customer Portal
Language: en

Technology

CDN: Cloudflare
CMS: Next.js

DNS records live

NS

marek.ns.cloudflare.com
zoe.ns.cloudflare.com

TXT

_globalsign-domain-verification=FV8uT_jtbRtoYz6s38M8j_kts59K7E9hSaZeg03Pvq

Email authentication no MX

SPF

not published

DMARC

v=DMARC1;p=none;rua=mailto:hitzk8ys@ag.us.dmarcian.com,mailto:aggrep@kollective.com;ruf=mailto:hitzk8ys@fr.us.dmarcian.com,mailto:authfail@kollective.com;

policy: none (monitoring only)

DKIM

s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuZlzD75V9n142mBHZgm72ZYpeOaKKMsSSgGO2qPDfygWRz4hWcplmmd2nHacRpm2jRQR1rOsMiZ/dtrbB…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ZJU/+TmbyXz2CLP8UwyRq0eyAsMCpB79/i9Hn264+C/+v0Qd0sN07Ag+unVHDrIHeDul/iWPzaIDmAhXKIRIvB…

selectors probed

Certificate (current)

from 2026-04-25 to 2026-07-24

Expires in 66 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://portal.kollective.app/sign-in?returnTo=%2F

present

strict-transport-security
content-security-policy
x-frame-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
missing content type protection
missing Permissions Policy

Header values

referrer-policy: origin-when-cross-origin
x-frame-options: SAMEORIGIN
content-security-policy: base-uri 'self';object-src 'none';style-src 'self' https://fonts.googleapis.com go.kollective.com pages.riverbed.com 'unsafe-inline' data:;frame-ancestors 'self';worker-src blob: ;
strict-transport-security: max-age=15552000; includeSubDomains; preload

Linked from (1)

kollective.com×1