trustcafe.io
HTML metadata
Technology
- CDN
- Amazon CloudFront
- CMS
- Nuxt
DNS records live
- NS
-
- ns-1454.awsdns-53.org
- ns-1877.awsdns-42.co.uk
- ns-447.awsdns-55.com
- ns-529.awsdns-02.net
- MX
-
- 1 aspmx.l.google.com
- 10 alt3.aspmx.l.google.com
- 10 alt4.aspmx.l.google.com
- 5 alt1.aspmx.l.google.com
- 5 alt2.aspmx.l.google.com
- Verified for
-
Email authentication strong
- SPF
-
v=spf1 include:mail.zendesk.com include:amazonses.com ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=quarantine;policy: quarantine - DKIM
- no key found at common selectors
Certificate (current)
Amazon RSA 2048 M04
Expires in 160 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-embedder-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- permissions-policy
camera=(), display-capture=(), fullscreen=(self "https://www.youtube.com" "https://*.youtube.com" "https://open.spotify.com/embed/*" "https://*.twitter.com" "https://publish.twitter.com/oembed" "https://*.x.com" "https://www.x.com"), geolocation=(), microphone=()- x-content-type-options
nosniff- content-security-policy
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: blob:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'strict-dynamic' 'nonce-mGO33PK0MRiSt8jrwOTFxgni'; upgrade-insecure-requests; script-src-elem 'strict-dynamic' 'nonce-mGO33PK0MRiSt8jrwOTFxgni';- strict-transport-security
max-age=15552000; includeSubDomains- cross-origin-opener-policy
same-origin-allow-popups- cross-origin-embedder-policy
unsafe-none- cross-origin-resource-policy
cross-origin