toph.co
toph.co
HTML metadata
Social
Contact
- Address
- st a contestAcademic programHandbookPricing© 2026
DNS records live
- NS
-
- ns1.linode.com
- ns2.linode.com
- ns3.linode.com
- ns4.linode.com
- ns5.linode.com
- MX
-
- 10 in1-smtp.messagingengine.com
- 20 in2-smtp.messagingengine.com
- Verified for
-
- Meta
Email authentication strong
- SPF
-
v=spf1 a mx include:spf.mtasv.net include:spf.messagingengine.com include:servers.mcsv.net include:amazonses.com ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc@toph.co,mailto:re+wcjk3uubump@dmarc.postmarkapp.com; sp=quarantine; aspf=r;policy: quarantine · sp=quarantine - DKIM
- no key found at common selectors
Certificate (current)
E8
Expires in 73 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- cross-origin-opener-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
sameorigin- x-content-type-options
nosniff- content-security-policy
default-src 'self' *.toph.co 'unsafe-eval' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src 'self' wss: ws.toph.co static.toph.co uploads.toph.co o28885.ingest.sentry.io; script-src 'self' *.toph.co 'unsafe-eval' 'unsafe-inline' hcaptcha.com *.hcaptcha.com; frame-src 'self' *.toph.co hcaptcha.com *.hcaptcha.com; style-src 'self' *.toph.co 'unsafe-inline' hcaptcha.com *.hcaptcha.com; frame-ancestors 'self' *.toph.co;- strict-transport-security
max-age=63072000; includeSubDomains; preload- cross-origin-opener-policy
same-origin
Links to (6)
- facebook.com×2
- furqansoftware.com×2
- github.com×2
- linkedin.com×2
- t.me×2
- x.com×2