sexyfans.app

.app crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 3065 ms crawled 2026-05-18

US · 208.91.204.20 · AS40539 Hosting Consulting, Inc

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title: Sexyfans.app - Only Fans of Dating Apps Welcome
Description: The Only Dating App for Fans to Meetup with Local Content Creators..

Technology

Server: nginx

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (5)

cdn.jsdelivr.net×2
fonts.googleapis.com×2
ajax.googleapis.com×1
fonts.gstatic.com×1
www.googletagmanager.com×1

Contact

Email

Phone

877-717-3257

DNS records live

NS

ns0.reflected.net
ns1.reflected.net

MX

10 mail.answer-pro.com

Email authentication strong

SPF

v=spf1 include:mail.zendesk.com mx -all

strict (-all)

DMARC

v=DMARC1; p=quarantine

policy: quarantine

DKIM

mail: v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYuVmQY/OjDV01VEBLcwbbOSp+rjVzomPvTY5AWoS3qCiTxasTaI0e5LKvm…

selectors probed

Certificate (current)

from 2026-04-13 to 2026-07-12

Expires in 54 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.sexyfans.app/

present

content-security-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: upgrade-insecure-requests; default-src *; media-src * data: blob: rtmp: mediastream:; child-src * data: blob: gsa: webviewprogressproxy:; img-src * data: blob: android-webview-video-poster:; script-src * 'unsafe-inline' 'unsafe-eval' data: opera:; frame-src * 'unsafe-inline' data: gsa: webviewprogressproxy:; style-src * 'unsafe-inline' data:; connect-src * 'unsafe-inline' ws: wss:; font-src * data:; object-src *; report-uri /members/util/log_csp/

Links to (1)

ccbill.com×4

Linked from (2)

realcasualsex.com×2
twerkqueens.com×1