tunnelflight.com

HTML metadata

Title: The IBA - Welcome to the IBA
Description: International Bodyflight Association provides serious enhusiasts and professionals a clear progression for improving their indoor skydiving skills, for both personal and professional goals. The IBA site provides all the tools you need to track your progress through the 140 odd skills currently registered in the curriculum
Language: en

Open Graph

url: /
title: Welcome to the IBA
locale: en
description: International Bodyflight Association provides serious enhusiasts and professionals a clear progression for improving their indoor skydiving skills, for both personal and professional goals. The IBA site provides all the tools you need to track your progress through the 140 odd skills currently registered in the curriculum

Technology

CDN: Cloudflare

Analytics

Cloudflare Insights
Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (10)

cdn.jsdelivr.net×4
cdnjs.cloudflare.com×3
cdn.datatables.net×2
browser.sentry-cdn.com×1
code.jquery.com×1
fonts.googleapis.com×1
static.cloudflareinsights.com×1
tunnelflightiba.s3.us-east-1.amazonaws.com×1
unpkg.com×1
www.googletagmanager.com×1

Social

Registration

Registrar

GoDaddy.com, LLC

Created

2004-11-19

Expires

2027-11-19 549 days left

Updated

2025-11-20

Name servers

dale.ns.cloudflare.com
sara.ns.cloudflare.com

DNS records live

NS

dale.ns.cloudflare.com
sara.ns.cloudflare.com

MX

0 tunnelflight-com.mail.protection.outlook.com

TXT

Show 4 TXT records

google-site-verification=k1eOGW81SM6pRc1JqyODmZxfm0HsUZWC-haMqSf3Ilw
v=verifydomain MS=9071609
globalsign-domain-verification=0964451F0F417FF0DA2D1E6482676CAF
google-site-verification=Lt5r0zFWhKkqdrSE5VG0EZHitAYwDTtcmUlR2bJ2UAc

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com include:spf.mandrillapp.com -all

strict (-all)

DMARC

v=DMARC1; p=none

policy: none (monitoring only)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNNR83mM8paeD+qJIG0DhY9MeT3yu7lnfaCzC+vw91d5jBWLK+b+Pg/j0JGLmg73mHbNuc5lJTQ8tL…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

WE1

from 2026-05-12 to 2026-08-10

Expires in 83 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.tunnelflight.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.datatables.net https://unpkg.com https://browser.sentry-cdn.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://js.stripe.com;script-src-attr 'unsafe-inline';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net;img-src 'self' data: https: blob:;font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com;connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://*.sentry.io;frame-src 'self' https://www.google.com https://www.youtube.com https://js.stripe.com;object-src 'none';frame-ancestors 'none';base-uri 'self';form-action 'self' https://www.google.com;upgrade-insecure-requests
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin

Links to (2)

facebook.com×2
youtube.com×2

Linked from (1)

iflyworld.com×2