tikkie.me
tikkie.me
HTML metadata
Technology
- CDN
- Amazon CloudFront
- Server
- AmazonS3
- CMS
- Next.js
- JS framework
- Next.js
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (1)
- www.googletagmanager.com×1
DNS records live
- NS
-
- ns-1186.awsdns-20.org
- ns-119.awsdns-14.com
- ns-1998.awsdns-57.co.uk
- ns-738.awsdns-28.net
- MX
-
- 1 aspmx.l.google.com
- 10 aspmx2.googlemail.com
- 10 aspmx3.googlemail.com
- 5 alt1.aspmx.l.google.com
- 5 alt2.aspmx.l.google.com
- TXT
-
QuoVadis=b157f458-6955-41a3-9b70-b5f58457adeee95d5c9f-5df0-4ab7-934f-059154469de2-20082018
- Verified for
-
Email authentication strong
- SPF
-
v=spf1 include:spf.flowmailer.net include:spf.mailjet.com include:_spf.google.com -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; rua=mailto:dmarc_agg@vali.emailpolicy: reject (enforced) - DKIM
- no key found at common selectors
Certificate (current)
Amazon RSA 2048 M04
Expires in 100 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
same-origin- x-frame-options
DENY- x-content-type-options
nosniff- content-security-policy
default-src 'self' https: data:; frame-src 'self' ockto: https:; frame-ancestors 'self'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src 'self' data: https:; font-src *;- strict-transport-security
max-age=31536000; includeSubDomains; preload