receipts-app.com

.com crawl

First seen 2026-04-21 · Last seen 2026-05-18 · ok HTTP/1.1 200 1104 ms crawled 2026-05-14

CH · 149.126.4.46 · AS47302 cyon AG

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title

Receipts Space – Documents & Receipts for Mac

Description

Receipts Space is a private, local document and receipt hub for macOS. Import from PDF/email/scans, OCR extraction, automation, and a clear financial overview. Try it now for free!

Language

Generator

Proprietary tool based on Vite SSG, see https://holtwick.de/blog/website-ssg

Canonical

https://receipts-app.com/

Translations

Feeds

Receipts Mac App (de) RSS

Open Graph

url: https://receipts-app.com/
title: Receipts Space – Documents & Receipts for Mac
video: https://video.holtwick.de/videos/embed/mAkY1dP2tnPp2FnYNZ1Swk?autoplay=1&title=0&warningTitle=0
locale: en
site name: Receipts Mac App
video:type: text/html
description: Receipts Space is a private, local document and receipt hub for macOS. Import from PDF/email/scans, OCR extraction, automation, and a clear financial overview. Try it now for free!
video:width: 1280
video:height: 720

Registration

Registrar

Key-Systems GmbH

Created

2016-08-05

Expires

2026-08-05 77 days left

Updated

2026-04-15

Name servers

ns1.cyon.ch
ns2.cyon.ch

DNS records live

NS

ns1.cyon.ch
ns2.cyon.ch

MX

0 receipts-app.com

TXT

google-site-verification=M_ikLFF71l5M8jOXsUwfpSVnCoEkHM1KkvR6rRNjDW0

Email authentication partial

SPF

v=spf1 include:spf.protection.cyon.net -all

strict (-all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26UeVOK+UriyqIFyjHU7aFhpX3gbYAPZJRe2Dp0ECoyHEePlucV9muL2LjJx5eInUELijv0RNe8kyx…

selectors probed

Certificate (current)

R13

from 2026-04-10 to 2026-07-09

Expires in 50 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://receipts-app.com/

present

strict-transport-security
content-security-policy
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection

Header values

referrer-policy: same-origin
permissions-policy: accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=(self), cross-origin-isolated=*, display-capture=(self), document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=(self), midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.holtwick.de *.pdfify.app *.receipts-app.com *.apperdeck.com *.youtube.com *.ytimg.com *.replies.io *.paddle.com *.paddlecdn.com *.paddlepay.com *.profitwell.com *.cloudflare.com cdnjs.cloudflare.com *.sentry.io *.sentry-cdn.com *.cloudfront.net *.report-uri.com *.stripe.com *.stripe.network fonts.googleapis.com fonts.gstatic.com *.localizecdn.com *.spreedly.com;
strict-transport-security: max-age=31536000; includeSubDomains; preload

Links to (1)

holtwick.de×2