vantagepro.app
HTML metadata
Technology
- Server
- nginx
- CMS
- Next.js
Contact
- Phone
DNS records live
- NS
-
- ns-cloud-d1.googledomains.com
- ns-cloud-d2.googledomains.com
- ns-cloud-d3.googledomains.com
- ns-cloud-d4.googledomains.com
- MX
-
- 10 mx.zoho.in
- 20 mx2.zoho.in
- 50 mx3.zoho.in
- Verified for
-
Email authentication weak
- SPF
- not published
- DMARC
-
v=DMARC1; p=none;policy: none (monitoring only) - DKIM
- no key found at common selectors
Certificate (current)
R13
Expires in 35 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
DENY- permissions-policy
camera=(), microphone=(), geolocation=(), interest-cohort=()- x-content-type-options
nosniff- content-security-policy
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'self'; img-src 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; script-src 'self' 'nonce-A7ugpJRcrNpl++BXY1N+sg==' 'strict-dynamic' https:; connect-src 'self' http://localhost:3001 ws://localhost:3001 ws://localhost:3001 https://api.cashfree.com https://sandbox.cashfree.com https://sdk.cashfree.com https://*.cashfree.com https://*.sentry.io; frame-src 'self' blob: https://www.vantagepro.app https://www.google.com https://api.cashfree.com https://sandbox.cashfree.com https://*.cashfree.com; media-src 'self' blob: data: https:; worker-src 'self' blob:; upgrade-insecure-requests- strict-transport-security
max-age=31536000; includeSubDomains; preload