urlunicorn.com

.com crawl

First seen 2026-04-23 · Last seen 2026-05-17 · ok HTTP/1.1 200 9103 ms crawled 2026-05-17

US · 13.33.235.107 · AS16509 Amazon.com, Inc.

Reputation 92/100 no dmarc policy

sector tech type app saas

HTML metadata

Title: URL Unicorn - URL Shortener with Analytics & QR Codes
Description: Shorten URLs with custom branding, real-time analytics, and integrated QR code generation. The ultimate URL shortening solution for businesses and marketers.
Language: en
Canonical: https://urlunicorn.com/

Open Graph

url: https://urlunicorn.com
title: URL Unicorn - Premium URL Shortener
site name: URL Unicorn
description: Shorten URLs with custom branding, real-time analytics, and integrated QR code generation.

Technology

CDN: Amazon CloudFront
Server: AmazonS3

Fonts

Google Fonts

Third-party hosts loaded (5)

accounts.google.com×2
fonts.googleapis.com×2
cdnjs.cloudflare.com×1
fonts.gstatic.com×1
js.stripe.com×1

Registration

Registrar

IONOS SE

Created

2026-01-20

Expires

2027-01-20 246 days left

Updated

2026-01-20

Name servers

ns-1088.awsdns-08.org
ns-1573.awsdns-04.co.uk
ns-235.awsdns-29.com
ns-805.awsdns-36.net

DNS records live

NS

ns-1088.awsdns-08.org
ns-1573.awsdns-04.co.uk
ns-235.awsdns-29.com
ns-805.awsdns-36.net

MX

10 inbound-smtp.us-east-1.amazonaws.com

TXT

google-site-verification=0ookQl7lNaZutdeV5Z8tPitbAM-zbm5tj4oaC4hjRYY

Email authentication weak

SPF: not published
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

Amazon RSA 2048 M01

from 2026-01-20 to 2027-02-19

Expires in 276 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://urlunicorn.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: camera=(), microphone=(), geolocation=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' blob: https://snapitanalytics.com https://accounts.google.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://unpkg.com https://cdn.tailwindcss.com https://api.web3forms.com https://www.googletagmanager.com https://sphinxagent.ai; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://unpkg.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; img-src 'self' data: blob: https:; connect-src 'self' https: wss:; frame-src 'self' https://accounts.google.com https://js.stripe.com https://*.google.com; object-src 'none'; base-uri 'self'
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy: unsafe-none