indexo.dev

lodash.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 204 ms crawled 2026-05-18

DE · 35.157.26.135 · AS16509 Amazon.com, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Lodash
Description
A JavaScript utility library delivering consistency, modularity, performance, & extras.
Language
en

Technology

CDN
Netlify

Third-party hosts loaded (1)

  • github.com×1

Social

Registration

Registrar
NameCheap, Inc.
Created
2012-05-07
Expires
2029-05-07 1083 days left
Updated
2026-04-12
Name servers
  • dns1.p04.nsone.net
  • dns2.p04.nsone.net
  • dns3.p04.nsone.net
  • dns4.p04.nsone.net

DNS records live

NS
  • dns1.p04.nsone.net
  • dns2.p04.nsone.net
  • dns3.p04.nsone.net
  • dns4.p04.nsone.net
MX
  • 10 mxa.mailgun.org
  • 10 mxb.mailgun.org
TXT
  • google-site-verification=bz9LQ9T0izxPH-cLzY6-uaG6gr1vu_x8BPZERWDrQmQ

Email authentication weak

SPF
v=spf1 include:mailgun.org ~all
softfail (~all)
DMARC
not published
DKIM
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD2nFl+O5WGUR+DsHmKhQbLFKu0zJfO97kcklr+Yz521g6AFH+hXuEYIyhwElAbYc0moThn1zCrGQDJfkHu7LjgJfUtGC4…
selectors probed

Certificate (current)

E8
from 2026-03-30 to 2026-06-28
Expires in 40 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://lodash.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
block-all-mixed-content; report-uri https://lodash.report-uri.io/r/default/csp/enforce; default-src 'none'; child-src 'self' data: ms-appx-web: ghbtns.com platform.twitter.com; img-src 'self' data: *.2mdn.net *.adsafeprotected.com ad.atdmt.com *.buysellads.com *.buysellads.net *.c3tag.com *.carbonads.net *.convertro.com ad.doubleclick.net www.google-analytics.com www.launchbit.com launchbit.com assets.servedby-buysellads.com *.serving-sys.com; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net; frame-src 'self' data: ms-appx-web: ghbtns.com platform.twitter.com; manifest-src 'self'; script-src 'self' *.carbonads.com srv.carbonads.net adn.fusionads.net www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net; style-src 'self' cdn.jsdelivr.net; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'unsafe-inline'; connect-src lodash.report-uri.com lodash.report-uri.io 'self' ms-appx-web: ghbtns.com platform.twitter.com *.2mdn.net *.adsafeprotected.com ad.atdmt.com *.buyse
strict-transport-security
max-age=31536000

Links to (5)

Linked from (6)