pico.com
HTML metadata
Technology
- Server
- nginx
- CMS
- Next.js
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (1)
- www.googletagmanager.com×1
Social
Registration
- Registrar
- GoDaddy.com, LLC
- Created
- 1995-04-25
- Expires
- 2028-04-26 691 days left
- Updated
- 2022-10-01
- Name servers
-
- ns1-09.azure-dns.com
- ns2-09.azure-dns.net
- ns3-09.azure-dns.org
- ns4-09.azure-dns.info
DNS records live
- NS
-
- ns1-09.azure-dns.com
- ns2-09.azure-dns.net
- ns3-09.azure-dns.org
- ns4-09.azure-dns.info
- MX
-
- 10 pico-com.mail.protection.outlook.com
- TXT
-
amazonses:kXjUNgQspwK+miQT9/oazgDgRjUX6Uzj73TFu60gfCc=
- Verified for
-
- Microsoft 365
Email authentication strong
- SPF
-
v=spf1 ip4:13.70.0.0/16 ip4:13.75.0.0/16 ip4:13.94.0.0/16 ip4:23.99.0.0/16 ip4:52.175.0.0/16 ip4:218.103.0.0/16 ip4:205.201.128.0/20 ip4:198.2.128.0/18 ip4:148.105.0.0/16 include:spf.protection.outlook.com include:_spf.salesforce.com -allstrict (-all) - DMARC
-
v=DMARC1; p=quarantine; ruf=mailto:tech-dmarcruf@pico.com; rua=mailto:tech-dmarcrua@pico.com; fo=1 ; pct=100policy: quarantine - DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChxYA62GeeBvWfqFUV7FIWPP3NMFNaWu2h9wXLMKUSad94f1CBbJhB8ZUac5oSoRZEWKHpPcaFflzy6tTU5e… - k2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed - selector1:
Certificate (current)
Sectigo Public Server Authentication CA DV R36
Expires in 182 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-embedder-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- weak frame protection
- weak content type protection
Header values
- referrer-policy
strict-origin-when-cross-origin, strict-origin-when-cross-origin- x-frame-options
DENY, SAMEORIGIN- permissions-policy
geolocation=(), microphone=()- x-content-type-options
nosniff, nosniff- content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://snap.licdn.com https://connect.facebook.net https://chimpstatic.com https://www.facebook.com 'unsafe-eval'; worker-src 'self' blob: https:; child-src 'self' blob: https:; frame-src 'self' blob: https:; object-src 'none'; base-uri 'self'; img-src 'self' blob: data: https:; font-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; connect-src 'self' https:; media-src 'self' https:- strict-transport-security
max-age=63072000; includeSubDomains; preload- cross-origin-opener-policy
same-origin- cross-origin-embedder-policy
unsafe-none- cross-origin-resource-policy
cross-origin
Links to (10)
- youtube.com×1
- youku.com×1
- xiaohongshu.com×1
- x.com×1
- weibo.com×1
- sharepoint.com×1
- pinterest.com×1
- linkedin.com×1
- instagram.com×1
- facebook.com×1