merchbar.com

HTML metadata

Title: Band Merch - T-Shirts, Vinyl, Posters & Merchandise | Merchbar
Description: Lowest prices on 1,000,000+ band t-shirts, vinyl records, hoodies, posters and more from over 35,000 Rock, Pop, R&B, Hip-Hop, Metal and EDM artists. Shop now!
Language: en

Open Graph

title: Band Merch - T-Shirts, Vinyl, Posters & Merchandise | Merchbar
description: Lowest prices on 1,000,000+ band t-shirts, vinyl records, hoodies, posters and more from over 35,000 Rock, Pop, R&B, Hip-Hop, Metal and EDM artists. Shop now!

Technology

Server: Google
CMS: Next.js

Fonts

Google Fonts

Third-party hosts loaded (2)

fonts.googleapis.com×1
fonts.gstatic.com×1

Social

Registration

Registrar

GoDaddy.com, LLC

Created

2014-07-08

Expires

2027-07-08 414 days left

Updated

2025-12-23

Name servers

ns-cloud-e1.googledomains.com
ns-cloud-e2.googledomains.com
ns-cloud-e3.googledomains.com
ns-cloud-e4.googledomains.com

DNS records live

NS

ns-cloud-e1.googledomains.com
ns-cloud-e2.googledomains.com
ns-cloud-e3.googledomains.com
ns-cloud-e4.googledomains.com

MX

10 aspmx.l.google.com
20 alt1.aspmx.l.google.com
20 alt2.aspmx.l.google.com
30 aspmx2.googlemail.com
30 aspmx3.googlemail.com

TXT

Show 5 TXT records

facebook-domain-verification=25crijxu088lyyu4qm6moam5dk0p7v
google-site-verification=VRNHInH5jBTWRQghEQdbumpeeoBE4msO2bHbdmWK9hI
Probely=4bd681c6-e6b5-43d0-af28-258327d4e1be
google-site-verification=FLMk_bAvuIcr88fZCaOi3mMNRb9B-3hI8xtSjC5UJaQ
google-site-verification=M9qknBBA6iv4syJ2DM6VUl74nHxzfnbhcLQ574ONVrk

Email authentication partial

SPF

v=spf1 include:_spf.google.com include:spf.mail.intercom.io include:spf.tipalti.com include:mailgun.org include:mail.zendesk.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none; rua=mailto:dmarc@merchbar.com; pct=100;

policy: none (monitoring only)

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmLVlACN64FU2HWGs8aHAyjy+K5Fq/iVx5m+ByGgxqC8PoNb0WPnPoVdbcJU3mxw1dXO4GHnvIwUJo…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

WR3

from 2026-05-16 to 2026-08-14

Expires in 87 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://www.merchbar.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: DENY
permissions-policy: camera=(), microphone=(), geolocation=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'nonce-8qHu7PY55fLUFAPfp3g8ag==' 'unsafe-eval' https://dd.merchbar.com https://js.captcha-display.com https://consent.cookiebot.com https://cdn.siftscience.com https://connect.facebook.net https://www.googletagmanager.com https://pagead2.googlesyndication.com https://tag.wknd.ai https://advertiserpro.flexoffers.com https://www.dwin1.com https://js.stripe.com https://static-na.payments-amazon.com https://osm.klarnaservices.com https://secure.nmi.com https://www.usaepay.com https://sandbox.usaepay.com https://seal.godaddy.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://accounts.google.com https://applepay.cdn-apple.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://consent.cookiebot.com https://accounts.google.com https://secure.nmi.com; font-src 'self' data: https://fonts.gstatic.com https://netdna.bootstrapcdn.com; img-src 'self' data: blob: https:; connect-src 'self' https://dd.merchba
strict-transport-security: max-age=63072000; includeSubDomains