streetmix.net

.net crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 1956 ms crawled 2026-05-19

US · 172.67.213.174 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

sector tech type homepage

HTML metadata

Title: Streetmix
Description: A collaborative civic engagement platform for urban design. Design, remix, and share your neighborhood street with Streetmix.
Language: en
Canonical: https://streetmix.net/

Open Graph

url: https://streetmix.net/
title: Streetmix
description: A collaborative civic engagement platform for urban design. Design, remix, and share your neighborhood street with Streetmix.

Technology

CDN: Cloudflare

Social widgets

Twitter Widget

Third-party hosts loaded (1)

platform.twitter.com×1

Registration

Registrar

Cloudflare, Inc.

Created

2013-01-31

Expires

2027-01-31 256 days left

Updated

2026-01-01

Name servers

buck.ns.cloudflare.com
rosa.ns.cloudflare.com

DNS records live

NS

buck.ns.cloudflare.com
rosa.ns.cloudflare.com

MX

Show 8 MX records

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
10 in1-smtp.messagingengine.com
10 mxa.mailgun.org
20 in2-smtp.messagingengine.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

pinterest-site-verification=5e072e7ae5f98c18f9201a4d9a6fb09b
google-site-verification=51txsUWaP5OfV0mFO8vqN_08Ky2VO5-S1_Yq6VKvajE

Email authentication partial

SPF

v=spf1 include:spf.messagingengine.com include:mailgun.org include:_spf.google.com ?all

neutral (?all)

DMARC

v=DMARC1; p=none; rua=mailto:lou@streetmix.net

policy: none (monitoring only)

DKIM

k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…

selectors probed

Certificate (current)

WE1

from 2026-04-02 to 2026-07-01

Expires in 43 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://streetmix.net/

present

strict-transport-security
content-security-policy
x-content-type-options
referrer-policy
cross-origin-opener-policy
cross-origin-resource-policy

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
content-security-policy: default-src 'self';style-src 'self' 'unsafe-inline' checkout.stripe.com;script-src 'self' platform.twitter.com streetmix.auth0.com *.basemaps.cartocdn.com api.geocode.earth checkout.stripe.com plausible.io static.cloudflareinsights.com;worker-src 'self';child-src platform.twitter.com;frame-ancestors 'self' https:;frame-src 'self' streetmix.github.io checkout.stripe.com;img-src 'self' blob: data: *.basemaps.cartocdn.com abs.twimg.com pbs.twimg.com *.stripe.com;object-src 'self' abs.twimg.com pbs.twimg.com syndication.twitter.com platform-lookaside.fbsbx.com s.gravatar.com *.googleusercontent.com res.cloudinary.com *.wp.com cdn.auth0.com;font-src 'self';connect-src 'self' api.geocode.earth syndication.twitter.com sentry.io streetmix.auth0.com checkout.stripe.com plausible.io buttondown.com buttondown.email cloudflareinsights.com;report-uri /services/csp-report/;base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
strict-transport-security: max-age=5184000
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin

Links to (1)

enable-javascript.com×3

Linked from (2)

aresluna.org×2
mordstreifen.de×1