podia.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 3599 ms crawled 2026-05-18

US · 108.157.229.93 · AS16509 Amazon.com, Inc.

Reputation 89/100 weak security headers dmarc monitor-only

Classifying

HTML metadata

Title

Your website, products, and email - all on Podia | Podia

Description

Your free website, blog, emails, and products - all in one place. Start and grow your online business with Podia.

Language

Translations

Open Graph

url: https://podia.com/
title: Your website, products, and email - all on Podia
site name: Podia
description: Your free website, blog, emails, and products - all in one place. Start and grow your online business with Podia.

Technology

CDN: Amazon CloudFront
CMS: Gatsby

Analytics

Google Tag Manager

Third-party hosts loaded (3)

images.ctfassets.net×26
www.googletagmanager.com×4
r.wdfl.co×1

Social

Registration

Registrar

Cloudflare, Inc.

Created

1998-12-01

Expires

2028-11-30 925 days left

Updated

2023-10-12

Name servers

jonah.ns.cloudflare.com
laura.ns.cloudflare.com

DNS records live

NS

jonah.ns.cloudflare.com
laura.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

Show 6 TXT records

google-site-verification=CCo1V-7sib06H2Bo90rr6eMPsowoMiV9TIY7khPEy08
google-site-verification=NQSKywH9LsaV8U9mYXyToZip9Tf3rpcOJ4rT5HcktEY
google-site-verification=RaSCWqUqyiyB9iaBeme9Cg_u-SpLkZYKqRzv3dWuGhw
google-site-verification=VpnWIGqzc-8jVYCEEfXHY0paB7nCX5JkaMz70JF6sVQ
google-site-verification=lU4BC8xbgrcgxcOSjQXyN9xG_FCFLyPbChGmDYkdumQ
slack-domain-verification=FPCFtMGkQvHEgvREVgoMlt5Bsk3b5bKGUyuqqAjj

Email authentication partial

SPF

v=spf1 include:_spf.google.com include:emsd1.com include:spf.dixa.io ~all

softfail (~all)

DMARC

v=DMARC1; p=none; sp=none; rua=mailto:2b3520e957f24170a6eb133081fffc95@dmarc-reports.cloudflare.net,mailto:re+90aa7d40737a@inbound.dmarcdigests.com; pct=100

policy: none (monitoring only) · sp=none

DKIM

s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFzLUsSX4d1jPU2BVvrMzXjlzOwIw0VFSCfnHn51Bryb1wq72qAT8fIC4/t+wOyS4WQM7YaE0CQXqZTipK…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Ecdx/1g2nnHfodCHxOYkv6NEV6fE4teSgiEIl+iKQpojM1PEzWo13elMGFn2svmPkg+h9/LR3+VWvEc8a…
smtpapi: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76…

selectors probed

Certificate (current)

Amazon RSA 2048 M01

from 2025-11-10 to 2026-12-09

Expires in 203 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.podia.com

present

content-security-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: child-src 'self' https: www.googletagmanager.com; connect-src 'self' https: bat.bing.com *.ctfassets.net edge.fullstory.com analytics.google.com www.googletagmanager.com api.segment.io cdn.segment.com vimeo.com wss://*.intercom-messenger.com; default-src 'self' https:; font-src 'self' https: data: *.vimeocdn.com; frame-src 'self' https: www.googletagmanager.com; img-src 'self' https: data: content.app-us1.com bat.bing.com *.ctfassets.net static.kindlycdn.com *.vimeocdn.com; media-src 'self' https: data: *.ctfassets.net *.vimeocdn.com; object-src 'none'; script-src 'self' https: data: 'unsafe-inline' 'wasm-unsafe-eval' *.app-us1.com bat.bing.com connect.facebook.com *.fullstory.com analytics.google.com www.googletagmanager.com chat.kindlycdn.com public.profitwell.com api.segment.io cdn.segment.com sleeknotecustomerscripts.sleeknote.com *.vimeocdn.com vimeo.com player.vimeo.com; style-src 'self' https: data: 'unsafe-inline' fonts.bunny.net *.vimeocdn.com; worker-src 'none'; form-action '