passkeys.dev

HTML metadata

Title

passkeys.dev - Passkeys Developer Resources

Description

Hello passkeys! Goodbye passwords.

Language

en

Generator

Hugo 0.158.0

Feeds

• RSS RSS

Open Graph

url

https://passkeys.dev/

title

Passkeys Developer Resources

locale

en_US

site name

passkeys.dev

description

Hello passkeys! Goodbye passwords.

Technology

CDN

Cloudflare

CMS

Hugo

Analytics

• Cloudflare Insights

Third-party hosts loaded (1)

• static.cloudflareinsights.com×2

Social

• github
• bluesky
• mastodon

DNS records live

NS

• destiny.ns.cloudflare.com
• shane.ns.cloudflare.com

MX

• 32 route3.mx.cloudflare.net
• 78 route2.mx.cloudflare.net
• 90 route1.mx.cloudflare.net

TXT

• google-site-verification=LJbnt4DuMJOkj8pwfX-XzF9-uPfoaRFao35-ajzyGwI

Email authentication strong

SPF

v=spf1 include:_spf.mx.cloudflare.net ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:tim@cloudauth.dev

policy: reject (enforced) · sp=reject

DKIM

• default: v=DKIM1; p=
• google: v=DKIM1; p=
• selector1: v=DKIM1; p=
• selector2: v=DKIM1; p=
• k1: v=DKIM1; p=
• k2: v=DKIM1; p=
• mail: v=DKIM1; p=
• dkim: v=DKIM1; p=
• s1: v=DKIM1; p=
• s2: v=DKIM1; p=
• mxvault: v=DKIM1; p=
• smtpapi: v=DKIM1; p=

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://passkeys.dev/

present

• strict-transport-security
• content-security-policy
• x-frame-options
• x-content-type-options
• referrer-policy

findings

• CSP allows unsafe inline scripts/styles
• CSP uses wildcard sources
• missing Permissions Policy

Links to (7)

• bsky.app×2
• fidoalliance.org×2
• fosstodon.org×2
• github.com×2
• passkeycentral.org×2
• simplewebauthn.dev×2
• w3.org×2

Linked from (4)

• authelia.com×2
• simplewebauthn.dev×2
• passkeycentral.org×2
• passkeys.io×2