laborless.io

.io crawl

First seen 2026-05-09 · Last seen 2026-05-15 · ok HTTP/1.1 200 2384 ms crawled 2026-05-15

US · 54.243.121.6 · AS14618 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: Electronic LCA Posting and PAFs - LaborLess
Description: Electronic LCA Notices and PAF management. Posting electronic Labor Condition Applications and maintaining electronic Public Access Files has never been easier. LaborLess takes the busy work out of LCA compliance with just a few clicks.

Open Graph

url: https://www.laborless.io
description: Electronic LCA Notices and PAF management. Posting electronic Labor Condition Applications and maintaining electronic Public Access Files has never been easier. LaborLess takes the busy work out of LCA compliance with just a few clicks.

Technology

Server: gunicorn
CMS: Gatsby

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (7)

cdn.datatables.net×1
cdnjs.cloudflare.com×1
dc.ads.linkedin.com×1
fonts.googleapis.com×1
js.sentry-cdn.com×1
www.google.com×1
www.googletagmanager.com×1

Social

DNS records live

NS

dns1.registrar-servers.com
dns2.registrar-servers.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

Verified for

Google
Stripe

Email authentication weak

SPF

not published

DMARC

v=DMARC1; p=none; rua=mailto:ariel@laborless.io

policy: none (monitoring only)

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcldOZuEIHJsNHryV+k+rNuMJlgjUvV5+dQ1Dmr2qHelPoSzLpBGNZeRLs+NmmUdTOTaMAPAjm0FZ8…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs09NW1qaPC8q3z7kJFXOzzNfMB8u80s8K8vtRK79hU9HK3sc3OGasjbugUkokVFpxEddNTBW4fc4u+0xIs…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvsjud+JFY0Ne0arF8ObP1q/9X77buiSA+L8fOqMTciIPnjmIx2gfFBzg57w3QumbddQLf/933RqbFO86fRUKIyE…

selectors probed

Certificate (current)

R13

from 2026-04-19 to 2026-07-18

Expires in 59 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://laborless.io/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
cross-origin-opener-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: same-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self' self www.google.com www.googletagmanager.com *.laborless.io *.cloudflare.com *.licdn.com *.gstatic.com *.linkedin.com www.google-analytics.com *.googleapis.com *.bootstrapcdn.com *.doubleclick.net *.youtube.com *.amazonaws.com *.datatables.net *.stripe.com *.sendgrid.net *.sentry-cdn.com *.gather.town *.google.com 127.0.0.1 *.jsdelivr.net *.quilljs.com cdnjs.cloudflare.com *.hs-scripts.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net js.hscollectedforms.net *.hubspot.com *.hsforms.com *.usemessages.com *.stripe.com *.stripe.network js.stripe.com 'nonce-0tHrRbM57YO/d5oQQLKymw=='; style-src 'self' 'unsafe-inline' www.google.com www.googletagmanager.com *.licdn.com *.gstatic.com *.linkedin.com www.google-analytics.com *.googleapis.com *.bootstrapcdn.com *.doubleclick.net *.youtube.com *.amazonaws.com *.cloudflare.com *.jsdelivr.net cdnjs.cloudflare.com *.quilljs.com; script-src 'self' self localhost www.google.com www.googletagmanager.com *.cloudflare.com *.licdn
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy: same-origin

Links to (1)

linkedin.com×1

Linked from (1)

outtake.ai×1