stayfree.app — domain check, WHOIS, DNS & reputation

HTML metadata

Title

StayFree | Vanlife & Camping App

Description

StayFree Vanlife & Camping App with over 100,000 campsites close to nature. Whether you're looking for wild camping, motorhome pitches, private pitches, agritourism, campsites, microcamping, or service stations, StayFree has everything you need for your camping adventures.

Language

en

Canonical

https://www.stayfree.app/en/

Translations

de
en
es
fr
it
nl
no
sv

Open Graph

url: https://www.stayfree.app/en/
title: StayFree | Vanlife & Camping App
locale: en_US
description: StayFree Vanlife & Camping App with over 100,000 campsites close to nature. Whether you're looking for wild camping, motorhome pitches, private pitches, agritourism, campsites, microcamping, or service stations, StayFree has everything you need for your camping adventures.
locale:alternate: nl_NL

Technology

CDN: Cloudflare

Fonts

Google Fonts

Third-party hosts loaded (3)

res.cloudinary.com×28
fonts.googleapis.com×4
fonts.gstatic.com×1

Social

DNS records live

NS

kenia.ns.cloudflare.com
marek.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

Verified for

Ahrefs
Google

Email authentication strong

SPF

v=spf1 include:amazonses.com include:_spf.google.com ~all

softfail (~all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@stayfree.app

policy: quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1T97wgfki5Um4ge2GgaYEN3RPNy1LM+XNTTH20Gd9IF331fCxgpSzNEMdbSMnnFdHFZ+Cneb3ErJUe…

selectors probed

Certificate (current)

WE1

from 2026-05-14 to 2026-08-12

Expires in 69 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.stayfree.app/en/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
cross-origin-opener-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: DENY
x-content-type-options: nosniff
content-security-policy: default-src 'self';script-src 'self' 'strict-dynamic' https://upload-widget.cloudinary.com https://widget.cloudinary.com https://cs.iubenda.com https://cdn.iubenda.com https://embeds.iubenda.com 'nonce-09c8d67f2a15b597b531998d5373e54b';script-src-elem 'self' 'strict-dynamic' https://upload-widget.cloudinary.com https://widget.cloudinary.com https://cs.iubenda.com https://cdn.iubenda.com https://embeds.iubenda.com 'nonce-09c8d67f2a15b597b531998d5373e54b';style-src 'self' https://fonts.googleapis.com https://widget.cloudinary.com https://upload-widget.cloudinary.com 'unsafe-inline';img-src 'self' data: https: https://res.cloudinary.com https://static.wixstatic.com https://images.unsplash.com;connect-src 'self' https://api.stayfree.app https://res.cloudinary.com https://api.cloudinary.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://idb.iu
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin

Links to (13)

Linked from (1)

campio.no×1