toloka.ai
toloka.ai
HTML metadata
Technology
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
Third-party hosts loaded (6)
- framerusercontent.com×97
- fonts.gstatic.com×2
- app.sourceloop.ai×1
- events.framer.com×1
- js-eu1.hs-scripts.com×1
- www.googletagmanager.com×1
Registration
- Registrar
- SafeNames Ltd.
- Created
- 2020-04-03
- Expires
- 2028-04-03 683 days left
- Updated
- 2026-04-01
- Name servers
-
- ns1-38.azure-dns.com
- ns2-38.azure-dns.net
- ns3-38.azure-dns.org
- ns4-38.azure-dns.info
DNS records live
- NS
-
- ns1-38.azure-dns.com
- ns2-38.azure-dns.net
- ns3-38.azure-dns.org
- ns4-38.azure-dns.info
- MX
-
- 1 aspmx.l.google.com
- 10 alt3.aspmx.l.google.com
- 10 alt4.aspmx.l.google.com
- 5 alt1.aspmx.l.google.com
- 5 alt2.aspmx.l.google.com
- TXT
-
Show 7 TXT records
atlassian-sending-domain-verification=292078fb-08aa-425f-812e-65a96a52f62fBED107E86Eattio-domain-verification=WZJFZHQ7G9R0XFV18ZXZA7J0carta-domain-verification-4yxxvw=J3a0tlbSaXHlVbNaxBgrWxEHEcloudflare_dashboard_sso=6cdc390c7cf1b13eea83c730c5c7e7f0braintrust-domain-verification-rx4ybq=pb4RSbhI5KPdj6fhwRAo7Tpumbrowserstack-domain-verification=f2157278-6958-40f4-9e51-1a243535017b
- Verified for
-
- Anthropic
- Atlassian
- DocuSign
- Meta
- Microsoft 365
- OpenAI
- Slack
- Stripe
- Zapier
Email authentication strong
- SPF
-
v=spf1 include:mail.zendesk.com include:26617556.spf04.hubspotemail.net include:mg-spf.greenhouse.io include:_spf.google.com ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:postmaster@toloka.aipolicy: quarantine · sp=quarantine - DKIM
-
- google:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClP5uO58sjVfq79+W5S3w0bofTISqoSpYDytRFr1tw3k1WZLnI2G92LFQiFv9/p4zHpcIzoscQihz0PPnNWt… - k2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA… - mail:
v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeCNGFgMkdTDl0BjoromIpG3yPTBSxQnjykqU4X0DRnpB0pYLPegTkqZnIpK4/KNfGA7L48jP/BPf9s…
selectors probed - google:
Certificate (current)
R13
Expires in 67 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- cross-origin-opener-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
no-referrer- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
connect-src 'self' www.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com pagead2.googlesyndication.com www.google.com googleads.g.doubleclick.net analytics.google.com www.google-analytics.com www.redditstatic.com px.ads.linkedin.com js.zi-scripts.com stats.g.doubleclick.net login.microsoftonline.com forms-eu1.hscollectedforms.net forms-eu1.hsforms.com api-eu1.hubapi.com hubspot-forms-static-embed-eu1.s3.amazonaws.com https://tlkfrontprod.azureedge.net toloka.dev sandbox.toloka.dev https://events.framer.com https://framerusercontent.com https://c.bing.com https://*.clarity.ms https://mindrift.ai pixel-config.reddit.com api.framer.com https://app.framerstatic.com boards-api.greenhouse.io https://agent.tendem.ai https://shoutout.io https://app.sourceloop.ai https://ejhrxxuydfvlkdokwrid.functions.supabase.co;script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.google-analytics.com www.googletagmanager.com www.google.com *.googletagmanager- strict-transport-security
max-age=31536000- cross-origin-opener-policy
same-origin- cross-origin-resource-policy
same-origin