rarecan.com
HTML metadata
Technology
- Server
- nginx
- CMS
- WordPress
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
Third-party hosts loaded (6)
- www.googletagmanager.com×3
- fonts.googleapis.com×2
- js-eu1.hs-scripts.com×2
- cdn-cookieyes.com×1
- fonts.gstatic.com×1
- gmpg.org×1
Social
Contact
Registration
- Registrar
- GoDaddy.com, LLC
- Created
- 2019-03-19
- Expires
- 2027-03-19 304 days left
- Updated
- 2025-12-18
- Name servers
-
- ns1.siteground.net
- ns2.siteground.net
DNS records live
- NS
-
- ns1.siteground.net
- ns2.siteground.net
- MX
-
- 1 aspmx.l.google.com
- 10 alt3.aspmx.l.google.com
- 10 alt4.aspmx.l.google.com
- 5 alt1.aspmx.l.google.com
- 5 alt2.aspmx.l.google.com
- TXT
-
google-site-verification=dPVjEr9OCknyHrERYqGwjTW3Mc2FY9FSHH3qYe2Z5cA
Email authentication strong
- SPF
-
v=spf1 include:_spf.google.com include:25896637.spf05.hubspotemail.net ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=reject;policy: reject (enforced) - DKIM
-
- default:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz0C63FhzMNZiz7ef5Cg2gcMasn991qOsZ5BfzXqjAL2rJljkjSP3VclrMzG+hH0yg5ncU9PIpi8LpQhNaZP… - google:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIb39M7hR38wEAuEaWm3zuWuZBemKYMWaED4e102lDEx0MZDZ7htsA8k24qIdpArns3Ox4u7FS1grK…
selectors probed - default:
Certificate (current)
R12
Expires in 67 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-embedder-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- weak frame protection
- weak content type protection
Header values
- referrer-policy
strict-origin-when-cross-origin, strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN, SAMEORIGIN- permissions-policy
geolocation=(), microphone=(), camera=(), accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), xr-spatial-tracking=(), gamepad=(), serial=()- x-content-type-options
nosniff, nosniff- content-security-policy
default-src 'self' https: data:; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://js.hsforms.net https://js.hubspot.com https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com; style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com; font-src 'self' https: data: https://fonts.gstatic.com; img-src 'self' https: data: blob: https://www.facebook.com https://www.google-analytics.com; connect-src 'self' https: https://api.hubspot.com https://forms.hsforms.com https://www.google-analytics.com https://analytics.google.com; frame-src 'self' https: https://js.hsforms.net https://www.youtube.com https://player.vimeo.com; form-action 'self' https:; base-uri 'self'; object-src 'none';, default-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://js.hsforms.net https://js.hubspot.com https://connect.facebook- strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=63072000; includeSubDomains- cross-origin-opener-policy
unsafe-none- cross-origin-embedder-policy
unsafe-none; report-to='default'- cross-origin-resource-policy
cross-origin