ush.it

.it crawl

First seen 2026-06-03 · Last seen 2026-06-04 · ok HTTP/1.1 200 727 ms crawled 2026-06-03

US · 172.67.169.110 · AS13335 Cloudflare, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title: ush.it - a beautiful place

Technology

CDN: Cloudflare
CMS: Gatsby

DNS records live

NS

newt.ns.cloudflare.com
tina.ns.cloudflare.com

MX

20 mail.ush.it

Verified for

Google

Email authentication weak

SPF

v=spf1 mx a ~all

softfail (~all)

DMARC

not published

DKIM

default: v=DKIM1; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9WXdMzm9pglKl10Xtw2WTUI7tIDv8mzEU+zmCYYvN8N8MGlTLJr9+rmTk61mIvHzbjYiGjNWLvazaBM7Q+Ysn…

selectors probed

Certificate (current)

WE1

from 2026-05-05 to 2026-08-03

Expires in 59 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://www.ush.it/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles

Header values

referrer-policy: strict-origin
x-frame-options: sameorigin
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), window-placement=(), vertical-scroll=(self)
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; prefetch-src 'self'; child-src 'self'; frame-src 'self'; worker-src 'none'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; manifest-src 'self'
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: same-site

Links to (6)

Linked from (1)

digitalbullets.org×1