indexo.dev

maplereview.uk

.uk crawl

First seen 2026-04-22 · Last seen 2026-05-12 · ok HTTP/1.1 200 801 ms crawled 2026-05-15

US · 104.21.96.72 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

sector other type homepage

HTML metadata

Title
The Maple Review
Language
en

Technology

CDN
Cloudflare
Analytics
  • Google Tag Manager

Third-party hosts loaded (1)

  • www.googletagmanager.com×1

Social

Registration

Registrar
Cloudflare, Inc.
Created
2025-05-14
Expires
2027-05-14 360 days left
Updated
2025-05-14
Name servers
  • clay.ns.cloudflare.com.
  • lisa.ns.cloudflare.com.

DNS records live

NS
  • clay.ns.cloudflare.com
  • lisa.ns.cloudflare.com
MX
  • 1 smtp.google.com
TXT
  • google-site-verification=mDNS8LPUDFnRRvzq-xqJ3rdllwo_bXwrDJp_xUdY8lI

Email authentication weak

SPF
not published
DMARC
v=DMARC1; p=none; rua=mailto:583af66eb37d4b1f8ca1374be1436573@dmarc-reports.cloudflare.net;
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

WE1
from 2026-05-04 to 2026-08-02
Expires in 75 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://maplereview.uk/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(self), camera=(self), fullscreen=(self "https://player.vimeo.com"), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), payment=(self), sync-xhr=(self), usb=(self)
x-content-type-options
nosniff
content-security-policy
base-uri 'none'; block-all-mixed-content; connect-src 'self' the-maple-review.s3.eu-west-2.amazonaws.com accounts.google.com maps.googleapis.com *.constantcontact.com *.ctctcdn.com *.google-analytics.com *.vimeo.com; default-src blob:; font-src 'self' data: fonts.gstatic.com; form-action 'self'; frame-ancestors none; frame-src 'self' *.google.com player.vimeo.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.vimeocdn.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' blob: 'nonce-S2VuTWNDYWxsdW1DU1BOb25jZQ==' *.cloudflare.com *.ctctcdn.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.stripe.com player.vimeo.com *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.ctctcdn.com accounts.google.com fonts.googleapis.com; upgrade-insecure-requests
strict-transport-security
max-age=31536000
cross-origin-opener-policy
same-origin-allow-popups

Links to (6)

Linked from (1)