nbatopshot.com

.com crawl

First seen 2026-04-15 · Last seen 2026-05-11 · ok HTTP/1.1 200 1186 ms crawled 2026-05-11

US · 104.17.238.9 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: NBA Top Shot
Description: OFFICIALLY LICENSED NBA COLLECTIBLES. Relive the Moments from your favorite players and teams. Collect iconic NBA highlights. Trade with NBA fans around the world.

Open Graph

url: https://nbatopshot.com
title: NBA Top Shot
site name: NBA Top Shot
description: OFFICIALLY LICENSED NBA COLLECTIBLES. Relive the Moments from your favorite players and teams. Collect iconic NBA highlights. Trade with NBA fans around the world.

Technology

CDN: Cloudflare
CMS: Next.js

Analytics

Cloudflare Insights

Cookie consent

OneTrust

Fonts

Adobe Fonts

Third-party hosts loaded (3)

cdn.cookielaw.org×1
static.cloudflareinsights.com×1
use.typekit.net×1

Social

Registration

Registrar

GoDaddy Corporate Domains, LLC

Created

2019-07-24

Expires

2026-07-24 65 days left

Updated

2025-06-23

Name servers

dora.ns.cloudflare.com
thomas.ns.cloudflare.com

DNS records live

NS

dora.ns.cloudflare.com
thomas.ns.cloudflare.com

MX

10 mxa.mailgun.org
10 mxb.mailgun.org

TXT

google-site-verification=lf8d0usjWUPu4hdBppczhmLRr31H8ak8sTu6n_pDri0
google-site-verification=s1SN8GTcxqBgAgsJnnWG3X1iT6gG6TNi-WDf2hWd-6E
google-site-verification=3mGJveMZI27dDh016UJr7vCNaACQoQcmLsT9_OtWnlI

Email authentication strong

SPF

v=spf1 include:mailgun.org include:6444322.spf06.hubspotemail.net include:mail.zendesk.com ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; sp=reject; rua=mailto:re+eddb4d41fa12@inbound.dmarcdigests.com; adkim=r; aspf=r; pct=100

policy: reject (enforced) · sp=reject

DKIM

s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqfSzUF38Qj1JRIqPZhpaUbXzYpQSeL3aQF5hXAqf5T0W0yaU6tD2z/EFsS4tB0wHtwBGktvk3I35Fhawz…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Y+Hnw7umXyct5iXwIYqSbx1n9mteDUoKbg0CGHd5q4VN8l1tKjvykhi3jENgycVvldNvk59mkneL83cra…
smtpapi: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76…

selectors probed

Certificate (current)

WE1

from 2026-03-18 to 2026-06-16

Expires in 27 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://nbatopshot.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: frame-ancestors https://*.nbatopshot.com https://ts-generatorstaging.mychainapp.com https://builder.io; script-src 'nonce-9H3eB9GwV2VDKyinnsSzPRMcN4GBgKaT178uufZX0EM=' 'self' 'strict-dynamic' 'unsafe-inline' 'sha256-kfj6eyC8r7CtsQ+hxE/x72Xm74idun74wX21bZr1b1I=' https: 'wasm-unsafe-eval'
strict-transport-security: max-age=15552000; includeSubDomains

Links to (11)

Linked from (1)

dapperlabs.com×2