waitlister.me
HTML metadata
Technology
- CDN
- Cloudflare
- CMS
- Nuxt
- Analytics
-
- Cloudflare Insights
Third-party hosts loaded (6)
- bookface-images.s3.amazonaws.com×2
- firebasestorage.googleapis.com×2
- is1-ssl.mzstatic.com×2
- challenges.cloudflare.com×1
- ph-avatars.imgix.net×1
- static.cloudflareinsights.com×1
Social
Contact
- Address
- st solution for your product launch.StripeClimate Partner© 2026
DNS records live
- NS
-
- lamar.ns.cloudflare.com
- mira.ns.cloudflare.com
- MX
-
- 10 mx1.privateemail.com
- 10 mx2.privateemail.com
- TXT
-
firebase=waitinglist-app-c24fcgoogle-site-verification=79NstUEEGY8g8TA5k7ht_ksRHygU6FnxsETQoscOsqIhosting-site=waitinglist-app-c24fc
Email authentication partial
- SPF
-
v=spf1 include:spf.privateemail.com include:_spf.firebasemail.com ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=none;policy: none (monitoring only) - DKIM
-
- default:
v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZN2TR1XXA7GJPdQwxbX4vcPFj7YzlSH6MJsz+z5N+LyrPxC82GUyF8xBeYc80bnNQtkrMk1uzBoqMGl…
selectors probed - default:
Certificate (current)
WE1
Expires in 23 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
DENY- permissions-policy
camera=(), microphone=(), geolocation=(), interest-cohort=()- x-content-type-options
nosniff- content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.firebaseapp.com https://apis.google.com https://www.googletagmanager.com https://js.stripe.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https:; media-src 'self' blob: https://firebasestorage.googleapis.com; connect-src 'self' data: https://www.google.com https://www.google.co.nz https://www.google.co.uk https://www.google.com.au https://www.google.co.in https://www.google.ca https://www.google.de https://www.google.fr https://www.google.co.jp https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://challenges.cloudflare.com https://identitytoolkit.googleapis.com https://securetoken.googleapis.com https://www.google-analyt- strict-transport-security
max-age=31536000; includeSubDomains; preload
Links to (3)
- linkedin.com×1
- stripe.com×1
- x.com×1