tigyog.app
HTML metadata
Technology
- CDN
- Cloudflare
- CMS
- Next.js
- Analytics
-
- Google Tag Manager
- Social widgets
-
- YouTube Embed
Third-party hosts loaded (3)
- accounts.google.com×1
- www.googletagmanager.com×1
- www.youtube.com×1
Social
DNS records live
- NS
-
- harlee.ns.cloudflare.com
- ivan.ns.cloudflare.com
- MX
-
- 79 route2.mx.cloudflare.net
- 79 route3.mx.cloudflare.net
- 93 route1.mx.cloudflare.net
- TXT
-
v=spf1 include:_spf.mx.cloudflare.net ~all
- Verified for
-
Certificate (current)
WE1
Expires in 32 days
HTTP security headers
- present
-
- content-security-policy
- x-frame-options
- findings
-
- missing HSTS
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing content type protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
DENY- content-security-policy
default-src 'self' https://tigyog.app; connect-src 'self' https://tigyog.app https://*.google-analytics.com https://accounts.google.com; script-src 'self' https://tigyog.app http://www.googletagmanager.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://accounts.google.com https://js.stripe.com/ 'unsafe-eval' 'unsafe-inline'; style-src-elem 'self' https://tigyog.app https://accounts.google.com 'unsafe-inline'; style-src 'self' https://tigyog.app https://accounts.google.com/ https://lh3.googleusercontent.com/ 'unsafe-inline'; font-src 'self' https://tigyog.app data:; frame-src 'self' https://tigyog.app * data:; img-src 'self' https://tigyog.app data: https://www.google.com https://www.google.co.uk; object-src 'self' https://tigyog.app data: