scope360.io
scope360.io
HTML metadata
Technology
- CDN
- Cloudflare
- CMS
- Nuxt
- Ads
-
- Meta Pixel
Third-party hosts loaded (3)
- connect.facebook.net×2
- static.ads-twitter.com×2
- www.facebook.com×1
Social
DNS records live
- NS
-
- alex.ns.cloudflare.com
- melany.ns.cloudflare.com
- MX
-
- 1 smtp.google.com
- TXT
-
cryptomus=57b7a830
- Verified for
-
- Brevo
- Google Workspace
Email authentication weak
- SPF
- not published
- DMARC
-
v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.compolicy: none (monitoring only) - DKIM
-
- mail:
k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…
selectors probed - mail:
Certificate (current)
WE1
Expires in 82 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src * 'self' data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'nonce-tqSxUuyn41TikkDfeB7E6MC+'; upgrade-insecure-requests; default-src 'self' http: https: data: blob: 'unsafe-inline';- strict-transport-security
max-age=63072000- cross-origin-resource-policy
same-origin
Links to (7)
- youtube.com×1
- x.com×1
- t.me×1
- instagram.com×1
- google.com×1
- featureos.app×1
- apple.com×1
Linked from (1)
Use this data via API
Everything on this page for scope360.io is available as JSON from the indexo.dev REST & MCP API.
curl "https://indexo.dev/api/v1/domains/scope360.io" \ -H "X-API-Key: idx_..."