nuuly.com

.com crawl

First seen 2026-05-08 · Last seen 2026-05-15 · ok HTTP/1.1 200 9552 ms crawled 2026-05-15

US · 34.160.153.0 · AS396982 Google LLC

Reputation 89/100 weak security headers dmarc monitor-only

Classifying

HTML metadata

Title: Clothing Rental | Nuuly
Description: Rent, resell & thrift clothes online in ways that are gentler on the planet & your wallet.
Language: en
Canonical: https://www.nuuly.com/

Open Graph

url: https://www.nuuly.com/
title: Clothing Rental | Nuuly
locale: en-US
site name: Nuuly
description: Rent, resell & thrift clothes online in ways that are gentler on the planet & your wallet.

Technology

CMS: Gatsby

Analytics

Google Tag Manager

Third-party hosts loaded (3)

images.ctfassets.net×16
js.datadome.co×1
www.googletagmanager.com×1

Social

Registration

Registrar

SafeNames Ltd.

Created

2012-03-05

Expires

2028-03-05 654 days left

Updated

2026-04-01

Name servers

ns-cloud-a1.googledomains.com
ns-cloud-a2.googledomains.com
ns-cloud-a3.googledomains.com
ns-cloud-a4.googledomains.com

DNS records live

NS

ns-cloud-a1.googledomains.com
ns-cloud-a2.googledomains.com
ns-cloud-a3.googledomains.com
ns-cloud-a4.googledomains.com

MX

1 smtp.google.com

TXT

Show 12 TXT records

_n1zmk40hxui4x1jcgaup9bair4q4poi
datadome-domain-verify=wGGFzaMkgsCLVvt93T0EmSoVI38z92Pb
_3ygea8rnicva4oi20ty6gjuydxiwrfn
_mb1isem6b6i4qba4hzg0a8cjojp7vbs
v=BIMI1;l=;a=https://www.nuuly.com/.well-known/bimi/nuuly_bimi_cert.pem
_vuu4dp3oq6j3jaopelmqea8wg6i4v4a
ly091mk8bmy8pthwwm6xfx3d2300dgwr
_3pggtvrspr4s2fvmotimpowp0xdky12
mr9gr0zj8ln1kjqnywmr3wrddpdjffmx
_y3vb4442twkh8dy5aauqtxh48j36uhe
_59chvrc1pjkteoveqc30mazintzwr8n
_tdyjanup9gfh0aw558ra65p8t98gfm8

Verified for

Anthropic
Apple
Atlassian
GlobalSign
Google
Microsoft 365
Zoom

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com include:_spf.google.com include:sendgrid.net -all

strict (-all)

DMARC

v=DMARC1; p=none; sp=quarantine; pct=100; rua=mailto:dmarc-monitoring@nuuly.com;

policy: none (monitoring only) · sp=quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx8d+h2/Y3fgdHwPS0CkQ0g0Y+QvYZY9f5kkQF+vfZDUyUk2aewrZuzQPhchpHWNMEyJowWMddkU/TxaGHav…
smtpapi: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76…

selectors probed

Certificate (current)

GeoTrust TLS RSA CA G1

from 2026-01-06 to 2027-01-06

Expires in 230 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.nuuly.com/

present

content-security-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://tag.tapad.com https://*.appboycdn.com https://*.intercomcdn.com https://*.crazyegg.com https://*.split.io https://*.stripe.com http://*.friendbuy.com http://djnf6e5yyirys.cloudfront.net http://idsync.rlcdn.com http://images.ctfassets.net http://tag.rmp.rakuten.com https://*.crazyegg.com https://*.friendbuy.com https://*.intercom.io https://*.linksynergy.com https://*.scene7.com https://api.recurly.com https://cdn.contentful.com https://connect.facebook.net https://www.pinterest.com https://ct.pinterest.com https://djnf6e5yyirys.cloudfront.net https://idsync.rlcdn.com https://images.contentful.com https://images.ctfassets.net https://js.appboycdn.com https://js.recurly.com https://nypi.dc-storm.com https://s.pinimg.com https://sdk.iad-01.braze.com https://static.intercomassets.com https://stats.g.doubleclick.net https://storage.googleapis.com https://tag.rmp.rakuten.com https://us-east4-rental-dev.cloudfunctions.net https://

Links to (6)

Linked from (2)

urbn.com×1
wearethewildco.com×1