lunr.app

HTML metadata

Title: Home | Lunr Engineering Content Management
Description: Lunr is an Engineering Document Management system for fast moving engineering teams.
Language: en
Canonical: https://lunr.app

Open Graph

url: https://lunr.app
title: Home
locale: en_US
site name: Lunr Engineering Content Management
description: Lunr is an Engineering Document Management system for fast moving engineering teams.

Technology

CDN: Cloudflare

Analytics

Cloudflare Insights
Fathom
Google Tag Manager

Third-party hosts loaded (5)

fonts.bunny.net×2
cdn.usefathom.com×1
kit.fontawesome.com×1
static.cloudflareinsights.com×1
www.googletagmanager.com×1

Social

DNS records live

NS

mary.ns.cloudflare.com
reese.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

Email authentication strong

SPF

v=spf1 include:_spf.google.com ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; rua=mailto:alerts.onset.mailadmins@onset.com.au, mailto:06432d34370e43d4b124ebe4c00b90e2@dmarc-reports.cloudflare.net; ruf=mailto:alerts.onset.mailadmins@onset.com.au

policy: reject (enforced)

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhsKGLsEMLyapGzAPF9JAM8juS3N95b3GCvRXkr+mdHP+UlVZtbGBIWHe7Vi+EyMQw5vkbStXYeFhA…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqL1NO8rSmjAIOsRRiIIVhCD6zAsSot7jm0PCHbsA6/3KYW7nU8nIwVUGvMZwfIJx2seMSyWpEkKRiwwCI…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5tt/gpfYSmyWpofXUCvoK59GsiDqxkCKOvUGL2iasrPLB/0aieW+WVH+9JWXQ5Up3SeeCBklSj8QHbVXz…

selectors probed

Certificate (current)

E7

from 2026-03-22 to 2026-06-20

Expires in 32 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://lunr.app/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(self), bluetooth=(), camera=(), captured-surface-control=(self), clipboard-read=(), clipboard-write=(), compute-pressure=(), cross-origin-isolated=(self), display-capture=(), encrypted-media=(self), fullscreen=(self), gamepad=(), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), window-management=(self), xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: default-src 'none'; connect-src 'self' https://ka-p.fontawesome.com https://kit.fontawesome.com https://google.com/ccm/ https://www.google.com/ccm/ https://google.com/pagead/ https://www.google.com/pagead/ www.googletagmanager.com; font-src 'self' https://fonts.bunny.net https://ka-p.fontawesome.com https://kit.fontawesome.com; frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com; img-src 'self' https://googleads.g.doubleclick.net/pagead/ https://google.com/ccm/ https://www.google.com/ccm/ https://google.com/pagead/ https://www.google.com/pagead/ https://www.google.com.au/pagead/ www.googletagmanager.com https://cdn.usefathom.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: static.cloudflareinsights.com https://www.google.com/pagead/ https://www.google.com.au/pagead/ https://googleads.g.doubleclick.net https://ka-p.fontawesome.com https://kit.fontawesome.com https://www.googletagmanager.com https://cdn.usefathom.com; style-src 'sel
strict-transport-security: max-age=15552000; includeSubDomains

Links to (1)

linkedin.com×2

Linked from (1)

designtotailwind.com×2