shoecarnival.com
shoecarnival.com
HTML metadata
Technology
- CDN
- Cloudflare
- CMS
- Gatsby
- Analytics
-
- Google Tag Manager
- Cookie consent
-
- OneTrust
- Fonts
-
- Google Fonts
Third-party hosts loaded (8)
- scvl.a.bigcontent.io×12
- cdn.media.amplience.net×7
- fonts.googleapis.com×2
- cdn.cookielaw.org×1
- fonts.gstatic.com×1
- try.abtasty.com×1
- www.google.com×1
- www.googletagmanager.com×1
Registration
- Registrar
- Network Solutions, LLC
- Created
- 1998-03-02
- Expires
- 2035-03-01 3206 days left
- Updated
- 2025-03-02
- Name servers
-
- cbru.br.ns.els-gms.att.net
- cmtu.mt.ns.els-gms.att.net
DNS records live
- NS
-
- cbru.br.ns.els-gms.att.net
- cmtu.mt.ns.els-gms.att.net
- MX
-
- 0 scvl-com.mail.protection.outlook.com
- TXT
-
Show 4 TXT records
amazonses:TvO3lsMmUKFtOwQW9krGoS585XuNEXFQTMaTLryMNqo=vfnzUvfCkGSaGnXEWjmbVYrNMDousI4ojLOoH13GQ7NkfKsuDSUj6ih1GHfYz/oBSiaf8Fobrd7jREJ8dn4EjQ==_knu0kcs26g5zyvfixa97f0aqsd1h7v3_4ikts650x5k6yzqx2eub2mzonl1xrz6
- Verified for
-
- Meta
- Microsoft 365
Email authentication strong
- SPF
-
v=spf1 include:spf1.shoecarnival.com include:_spf.createsend.com include:spf3.shoecarnival.com ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=quarantine;policy: quarantine - DKIM
-
- k1:
k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOtzNoPySTcGXld401oh3LlUeDbuaLnTscrHGGdPfeGRsp1osPbh/elDaIBuai2ILV2nhqaztdXnEp+DO9Zl/G+rVwDzpN…
selectors probed - k1:
Certificate (current)
E8
Expired 30 days ago
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- content-security-policy-report-only
- x-frame-options
- x-content-type-options
- referrer-policy
- cross-origin-resource-policy
- findings
-
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src *.ipredictive.com *.amazon-adsystem.com *.cdn.content.amplience.net cdn.media.amplience.net cdn.static.amplience.net *.staging.bigcontent.io *.attn.tv 'self' 'unsafe-eval' https://service.force.com/ https://capig.shoestation.com *.bazaarvoice.com uk.cdn-net.com six.cdn-net.com mpsnare.iesnare.com https://secure.cataboom.com/ *.my.site.com shoecarnivalsf360.my.salesforce.com *.facebook.com *.facebook.net ad.doubleclick.net td.doubleclick.net 9132531.fls.doubleclick.net *.googleapis.com *.googletagmanager.com *.doubleclick.net *.google.com *.youtube.com https://na-assets.playground.klarnaservices.com js.klarna.com js.playground.klarna.com x.klarnacdn.net *.klarnaservices.com *.klarna.com *.clarity.ms *.abtasty.com *.paypal.com *.paypalobjects.com https://account.venmo.com *.pbbl.co *.pinterest.com api.radar.io https://us.creativecdn.com/ *.sentry.io services.sheerid.com https://cdn.sitevibes.com tcapi.io *.wisepops.com https://wisepops.net *.zmags.com *.afterpay.com *.usablen- strict-transport-security
max-age=31536000; includeSubDomains- cross-origin-resource-policy
same-origin- content-security-policy-report-only
default-src 'self' *.klarna.com *.klarnaservices.com *.paypal.com *.paypalobjects.com *.afterpay.com *.cash.app *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.doubleclick.net *.amazon-adsystem.com *.bazaarvoice.com *.amplience.net cdn.cookielaw.org *.fullstory.com *.abtasty.com *.evergage.com *.sentry.io *.tiktok.com *.bing.com *.creativecdn.com *.mountain.com *.wisepops.com *.forter.com *.sitevibes.com *.thrive.today *.pbbl.co *.attn.tv *.ipredictive.com *.algolia.net *.algolianet.com *.onetrust.com *.pinterest.com *.adroll.com *.jsdelivr.net *.cloudfront.net *.typekit.net; script-src 'self' js.klarna.com x.klarnacdn.net *.paypal.com *.afterpay.com *.cash.app *.squarecdn.com *.google.com *.googletagmanager.com *.facebook.net 'unsafe-inline' cdn.cookielaw.org *.fullstory.com *.abtasty.com *.evergage.com *.googleapis.com storage.googleapis.com *.mountain.com loader.wisepops.com *.thrive.today *.pbbl.co *.attn.tv *.ipredictive.com *.jsd