indexo.dev

nextflywebdesign.com

.com crawl

First seen 2026-04-12 · Last seen 2026-05-19 · ok HTTP/1.1 200 2468 ms crawled 2026-05-19

US · 52.20.104.116 · AS14618 Amazon.com, Inc.

Reputation 87/100 weak security headers no dmarc policy

sector tech type homepage

HTML metadata

Title
Indianapolis Web Design Company | NEXTFLY®
Description
Indianapolis web design company with 20+ years of experience. NEXTFLY® builds fast, secure, SEO-friendly websites that drive real business growth.
Language
en-US
Generator
WordPress 6.9.4
Canonical
https://nextflywebdesign.com/
Feeds

Open Graph

url
https://nextflywebdesign.com/
title
Home
locale
en_US
site name
NEXTFLY®
description
Indianapolis web design company with 20+ years of experience. NEXTFLY® builds fast, secure, SEO-friendly websites that drive real business growth.

Technology

Server
Apache
CMS
WordPress
Analytics
  • Google Tag Manager
Fonts
  • Google Fonts
Third-party hosts loaded (8)
  • fonts.googleapis.com×3
  • secure.gravatar.com×3
  • challenges.cloudflare.com×2
  • js.hs-scripts.com×2
  • www.googletagmanager.com×2
  • gmpg.org×1
  • monitor.clickcease.com×1
  • www.facebook.com×1

Social

Contact

Phone

Registration

Registrar
NameCheap, Inc.
Created
2012-03-22
Expires
2028-03-22 671 days left
Updated
2025-03-07
Name servers
  • donald.ns.cloudflare.com
  • tess.ns.cloudflare.com

DNS records live

NS
  • donald.ns.cloudflare.com
  • tess.ns.cloudflare.com
MX
  • 0 mail.nextflywebdesign.com
Verified for
  • Google

Email authentication weak

SPF
v=spf1 a mx +ip4:52.20.104.116 +ip4:18.217.232.156 include:turbo-smtp.com ?all
neutral (?all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

R12
from 2026-03-26 to 2026-06-24
Expires in 35 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://nextflywebdesign.com/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src 'self' https: data: blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https:; frame-src 'self' https:; base-uri 'self'; form-action 'self' https:; upgrade-insecure-requests

Links to (4)

Linked from (1)