pub.dev

.dev crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 506 ms crawled 2026-05-18

US · 34.36.0.14 · AS396982 Google LLC

Reputation 100/100

Classifying

HTML metadata

Title

The official repository for Dart and Flutter packages.

Description

Pub is the package manager for the Dart programming language, containing reusable libraries & packages for Flutter and general Dart programs.

Language

en-us

Canonical

https://pub.dev/

Feeds

Recently published packages on pub.dev Atom

Open Graph

url: https://pub.dev/
title: The official repository for Dart and Flutter packages.
site name: Dart packages
description: Pub is the package manager for the Dart programming language, containing reusable libraries & packages for Flutter and general Dart programs.

Technology

CMS: Gatsby

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (4)

i.ytimg.com×4
www.googletagmanager.com×2
www.gstatic.com×2
fonts.googleapis.com×1

Social

DNS records

MX

0 smtp.google.com

TXT

google-site-verification=C3k_OdhshSLlONW9s05koU4-y3iQcZLTETDw5KGf5m0

Email authentication strong

SPF: v=spf1 include:_spf.google.com ~all
softfail (~all)
DMARC: v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com
policy: reject (enforced)
DKIM: no key found at common selectors

Certificate (current)

WR3

from 2026-05-05 to 2026-08-03

Expires in 76 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://pub.dev/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: deny
x-content-type-options: nosniff
content-security-policy: default-src 'self'; font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/; img-src 'self' https: data:; manifest-src 'none'; object-src 'none'; script-src 'self' https://tagmanager.google.com https://www.googletagmanager.com/ https://www.google.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com https://adservice.google.com/ https://ajax.googleapis.com/ https://apis.google.com/ https://www.gstatic.com/ https://gstatic.com https://accounts.google.com/gsi/client; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://gstatic.com https://www.gstatic.com/ https://tagmanager.google.com https://accounts.google.com/gsi/style; frame-src 'self' https://www.googletagmanager.com/ https://accounts.google.com/; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests
strict-transport-security: max-age=31536000; includeSubDomains; preload