indexo.dev

waiverforever.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 2422 ms crawled 2026-05-19

US · 172.67.152.97 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Language
en

Technology

CDN
Cloudflare
Analytics
  • Google Analytics
  • Google Tag Manager
  • Hotjar
Ads
  • Google Ads
  • Google Ads (DoubleClick)
  • Meta Pixel
Cookie consent
  • Cookiebot
Third-party hosts loaded (10)
  • consent.cookiebot.com×2
  • www.googletagmanager.com×2
  • connect.facebook.net×1
  • consentcdn.cookiebot.com×1
  • ct.capterra.com×1
  • googleads.g.doubleclick.net×1
  • script.hotjar.com×1
  • static.hotjar.com×1
  • www.google-analytics.com×1
  • www.googleadservices.com×1

Registration

Registrar
NameCheap, Inc.
Created
2012-09-07
Expires
2026-09-07 109 days left
Updated
2025-08-08
Name servers
  • janet.ns.cloudflare.com
  • jerome.ns.cloudflare.com

DNS records live

NS
  • janet.ns.cloudflare.com
  • jerome.ns.cloudflare.com
MX
  • 1 aspmx.l.google.com
  • 10 aspmx2.googlemail.com
  • 10 aspmx3.googlemail.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
Verified for
  • Google
  • Microsoft 365
  • Stripe

Email authentication partial

SPF
v=spf1 include:mail.zendesk.com include:spf.mandrillapp.com ?all
neutral (?all)
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

WE1
from 2026-05-15 to 2026-08-13
Expires in 84 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.waiverforever.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), autoplay=(), camera=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), sync-xhr=(), usb=(), xr-spatial-tracking=()
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: 'unsafe-eval' *.waiverforever.com *.waiverforever.cn *.herokuapp.com *.dev-waiverforeverk8s.com; font-src 'self' data: 'unsafe-eval' *.waiverforever.com *.waiverforever.cn *.herokuapp.com *.dev-waiverforeverk8s.com *.gstatic.com *.googleapis.com; script-src 'self' data: 'unsafe-eval' *.waiverforever.com *.waiverforever.cn *.herokuapp.com *.dev-waiverforeverk8s.com 'unsafe-inline' 'unsafe-eval' *.cal.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.hotjar.com *.stripe.com *.cloudflare.com *.cloudflareinsights.com *.ctctcdn.com *.vimeocdn.com *.facebook.net cdn.jsdelivr.com *.cookiebot.com *.clarity.ms *.licdn.com bat.bing.com bat.bing.net *.linkedin.com hm.baidu.com; child-src 'self' data: 'unsafe-eval' *.waiverforever.com *.waiverforever.cn *.herokuapp.com *.dev-waiverforeverk8s.com *.amazonaws.com *.cloudfront.net *.vimeo.com *.doubleclick.net code.jquery.com; style-
strict-transport-security
max-age=31536000; includeSubDomains

Linked from (6)