mistolin.co
HTML metadata
Technology
- Server
- nginx
- CMS
- WordPress
- Fonts
-
- Google Fonts
Third-party hosts loaded (2)
- fonts.googleapis.com×3
- fonts.gstatic.com×1
DNS records live
- NS
-
- dns1.p04.nsone.net
- dns2.p04.nsone.net
- dns3.p04.nsone.net
- dns4.p04.nsone.net
- Verified for
-
Email authentication no MX
- SPF
- not published
- DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 56 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- missing frame protection
Header values
- referrer-policy
strict-origin-when-cross-origin- permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(self), battery=(), camera=(), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(self), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(self), unload=(self), window-placement=(self), vertical-scroll=(self)- x-content-type-options
nosniff- content-security-policy
base-uri 'self'; frame-ancestors 'self' ; object-src 'none'; script-src 'nonce-911f541debe5fb3c88f071468ab53673' 'strict-dynamic' 'unsafe-inline';- strict-transport-security
max-age=31622400; includeSubDomains; preload