sundayapp.io

.io crawl

First seen 2026-05-11 · Last seen 2026-05-11 · ok HTTP/1.1 200 4466 ms crawled 2026-05-17

US · 34.107.245.192 · AS396982 Google LLC

Reputation 100/100

sector tech type homepage

HTML metadata

Title: sunday - pay faster
Language: en

Technology

Third-party hosts loaded (1)

firestore.googleapis.com×2

DNS records

Email authentication strong

SPF

v=spf1 include:spf.sendinblue.com mx ~all

softfail (~all)

DMARC

v=DMARC1;p=reject;sp=reject;rua=mailto:dmarc@mailinblue.com!10m,mailto:dmarc_agg@vali.email;ruf=mailto:dmarc@mailinblue.com!10m;rf=afrf;pct=100;ri=86400

policy: reject (enforced) · sp=reject

DKIM

mail: k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuMpmxc44+pnZ4FB16YhtFK3vyk9WGS+rlsM0jDuloCgGYRxdLoMHG17g+HkVmlblKO799h8Q9gXdO21U5…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58zh45zwBooMBuOm8VdABfmUF1KUql/7BwK2N65ukS7rI8dRwsC0RrSpqbKJJC2wSwg1wEWppKLDPnOReo…

selectors probed

Certificate (current)

R13

from 2026-04-13 to 2026-07-12

Expires in 54 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://sundayapp.io/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP uses wildcard sources

Header values

referrer-policy: strict-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(self), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(self "https://pay.google.com/gp/p/js/pay.js" "https://js.stripe.com"), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: base-uri 'self' ; child-src 'self' blob: ; connect-src 'self' https://*.amplitude.com https://js.checkout.com/framesv2/log https://browser-intake-datadoghq.eu https://firestore.googleapis.com https://firebasestorage.googleapis.com/v0/b/ https://www.google.com/pay https://google.com/pay https://pay.google.com https://maps.googleapis.com https://mapsresources-pa.googleapis.com https://*.litix.io https://*.mux.com https://www.hippopotamus.fr/api/rss https://www.aubureau.fr/api/rss https://www.restaurantleon.fr/api/rss https://www.volfoni.fr/api/rss https://develop--euphonious-sundae-404962.netlify.app/api/rss-joyo https://app.overfull.fr https://bookings.zenchef.com https://cc-volfoni.next.cashsystemes.com https://commande.aubureau.fr https://commande.hippopotamus.fr https://commande.restaurantleon.fr https://commande.volfoni.fr https://commandes.restaurantleon.fr https://cw.mypi.net https://hippopotamus.byclickeat.fr https://piclick.mypi.net https://www.goodmeal.fr https://labonneapp.res
strict-transport-security: max-age=31536000

Linked from (1)

vapiano.fr×1