star-hangar.com
HTML metadata
Technology
- CDN
- Amazon CloudFront
- Server
- nginx
- CMS
- Gatsby
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (3)
- www.googletagmanager.com×3
- widget.trustpilot.com×1
- www.facebook.com×1
Social
Registration
- Registrar
- DreamHost, LLC
- Created
- 2015-03-23
- Expires
- 2027-03-23 307 days left
- Updated
- 2026-02-19
- Name servers
-
- ns-1212.awsdns-23.org
- ns-188.awsdns-23.com
- ns-1975.awsdns-54.co.uk
- ns-620.awsdns-13.net
DNS records live
- NS
-
- ns-1212.awsdns-23.org
- ns-188.awsdns-23.com
- ns-1975.awsdns-54.co.uk
- ns-620.awsdns-13.net
- MX
-
- 1 aspmx.l.google.com
- 10 alt3.aspmx.l.google.com
- 10 alt4.aspmx.l.google.com
- 5 alt1.aspmx.l.google.com
- 5 alt2.aspmx.l.google.com
- TXT
-
facebook-domain-verification=qcmzbxk7uastio51ntomreipbuqan9
Email authentication strong
- SPF
-
v=spf1 include:_spf.google.com ip4:149.72.89.194 -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; rua=mailto:joshlee.grad@gmail.com; ruf=mailto:admin@star-hangar.com; pct=30;policy: reject (enforced) · pct=30 - DKIM
-
Show 4 DKIM selectors
- google:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3lbxfn60WMYg591CiPO8l2V/MjPN/h8G1dh8mpMjThYGY0kAJErBDZG2dlc2goke506q0uKyccHm2… - k2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA… - s1:
k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxz/8A4feY4fiW/4EHo9rcj+vWKrT8pkpcVQYZQIkw7OdzeBvaSJRKAHEJfaNAAkATjl1yqfGSy0FQOY8ID… - s2:
k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGuNPZddnHSRHGsKGSDS8DAW07WuQJupmeaTmFgM5XlnL0WVxlM7oegStWJCqKiVdyI9TzN94qTQe6opayh4Jtnm…
selectors probed - google:
Certificate (current)
R13
Expires in 29 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- content-security-policy-report-only
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' www.googletagmanager.com bat.bing.com connect.facebook.net www.google.com widget.trustpilot.com www.gstatic.com static.ads-twitter.com bat.bing.net https://static.ads-twitter.com www.google-analytics.com assets.adobedtm.com web-sdk.aptrinsic.com google.co.in js.braintreegateway.com c.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.googleadservices.com newrelic.com googleads.g.doubleclick.net static.client.cardinaltrusted.com *.cardinaltrusted.com; report-uri /.webscale/csp-report- strict-transport-security
max-age=31536000- content-security-policy-report-only
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payfl