wafaa.io

.io crawl

First seen 2026-04-28 · Last seen 2026-04-28 · ok HTTP/1.1 200 374 ms crawled 2026-05-06

US · 172.66.168.113 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: Digital Contracts In Minutes | Try Wafaa For Free
Description: Create, sign, and send digital contracts with Wafaa—simple, secure agreements with complete documentation for all parties.
Language: en
Canonical: https://wafaa.io

Open Graph

title: How To Create A Secure Contract In Minutes — With Wafaa
description: Handshakes don't hold up in court. See how easy it is to create, sign, and send a secure contract with Wafaa

Technology

CDN: Cloudflare
CMS: Next.js

Analytics

Cloudflare Insights
Google Tag Manager

Third-party hosts loaded (2)

static.cloudflareinsights.com×3
www.googletagmanager.com×2

DNS records live

NS

abdullah.ns.cloudflare.com
margaret.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

linkedin-site-verification=415530f1-cb0c-4569-90a7-ba4b3c8a5be7

Verified for

Google
Meta

Email authentication strong

SPF

v=spf1 include:_spf.google.com ~all

softfail (~all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:72dd68ca917748cbb0c23ee1c89687b1@dmarc-reports.cloudflare.net,mailto:dmarc@wafaa.io; ruf=mailto:dmarc@wafaa.io; fo=1

policy: quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFYnKqH1S1O7CdcFZcgSQzqdZ7d1G0oyn3fCMcPYHx2SVdNDt+1apZQD3CYc2NYVdyqklwhkFImW0p…

selectors probed

Certificate (current)

WE1

from 2026-04-30 to 2026-07-29

Expires in 70 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://wafaa.io/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(), microphone=(), camera=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; base-uri 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://cdnjs.cloudflare.com https://www.gravatar.com; object-src 'none'; script-src 'self' 'nonce-ZTcwZGZmNTctODA4Ni00NDQwLThmOGMtYjczOWI2YTUyMzNl' 'strict-dynamic' https://www.googletagmanager.com https://static.cloudflareinsights.com https://challenges.cloudflare.com blob: 'nonce-fccbf4d2-fdc2-4cd6-b058-4551f33576e0'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://challenges.cloudflare.com https://api.wafaa.io; frame-src 'self' https://challenges.cloudflare.com; worker-src 'self' blob:; upgrade-insecure-requests
strict-transport-security: max-age=15552000; includeSubDomains; preload

Linked from (1)

pitchwall.co×1