polypane.app

.app crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 819 ms crawled 2026-05-18

NL · 128.199.51.217 · AS14061 DigitalOcean, LLC

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title

Polypane. The missing half of your web development environment.

Description

A development browser for professional web developers. Build and test responsive, accessible websites with multi-viewport previews and accessibility tooling.

Language

Generator

Gatsby 2.32.11

Canonical

https://polypane.app/

Feeds

Polypane Blog RSS

Open Graph

url: https://polypane.app/
title: Polypane. The missing half of your web development environment.
description: A development browser for professional web developers. Build and test responsive, accessible websites with multi-viewport previews and accessibility tooling.

Technology

Server: nginx
CMS: Gatsby

Third-party hosts loaded (4)

cdn.paddle.com×3
cdn.tolt.io×1
chrome.google.com×1
w6r2022ytt-dsn.algolia.net×1

Social

DNS records live

NS

ns1.messagingengine.com
ns2.messagingengine.com

MX

10 in1-smtp.messagingengine.com
20 in2-smtp.messagingengine.com

TXT

google-site-verification=zOEejx6jkT6b23q8458dg6Lga2np9zLuVgQ_cfl9jQ0

Email authentication partial

SPF

v=spf1 include:spf.messagingengine.com include:amazonses.com include:eu-west-1.amazonses.com include:servers.mcsv.net ?all

neutral (?all)

DMARC

v=DMARC1; p=none; rua=mailto:dmarc@polypane.app; ruf=mailto:dmarc@polypane.app; fo=1;

policy: none (monitoring only)

DKIM

k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
smtpapi: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76…

selectors probed

Certificate (current)

R12

from 2026-04-25 to 2026-07-24

Expires in 66 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://polypane.app/

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/enforce; connect-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy-report-only: default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnlyi; connect-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat