wakatime.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 1087 ms crawled 2026-05-19

US · 143.198.244.187 · AS14061 DigitalOcean, LLC

Reputation 100/100

Classifying

HTML metadata

Title: WakaTime - AI coding analytics for developers
Description: Open source IDE plugins for programmers.
Language: en
Canonical: https://wakatime.com/

Open Graph

title: WakaTime - Dashboards for developers
locale: en_US
site name: WakaTime
description: Open source IDE plugins for programmers.

Technology

Server: nginx
CMS: Gatsby

Fonts

Google Fonts

Third-party hosts loaded (2)

fonts.googleapis.com×2
fonts.gstatic.com×1

Social

Registration

Registrar

NameCheap, Inc.

Created

2013-10-09

Expires

2033-10-09 2698 days left

Updated

2024-07-23

Name servers

ns-1412.awsdns-48.org
ns-1733.awsdns-24.co.uk
ns-368.awsdns-46.com
ns-591.awsdns-09.net

DNS records live

NS

ns-1412.awsdns-48.org
ns-1733.awsdns-24.co.uk
ns-368.awsdns-46.com
ns-591.awsdns-09.net

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

MS=344204AC68BC13FB938F955F780F66E37251CB19

Verified for

Google

Email authentication strong

SPF

v=spf1 include:_spf.google.com ip4:204.220.181.96 -all

strict (-all)

DMARC

v=DMARC1; p=reject; sp=reject; adkim=r; aspf=r; rua=mailto:3bca3d665311907a9472c2b8373ab3f6-d@dmarc.report-uri.com!10m; ruf=mailto:3bca3d665311907a9472c2b8373ab3f6-d@dmarc.report-uri.com!10m; rf=afrf; pct=100; ri=86400

policy: reject (enforced) · sp=reject

DKIM

google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzMFGe/mEqEkWsHw6bfrQbiDQ7JnXrr7QD2l0n228yoju6smWw/69ennmDy8w3pApkaiIxS2zQX8wwcF8PaW…

selectors probed

Certificate (current)

R13

from 2026-04-13 to 2026-07-12

Expires in 53 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://wakatime.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
cross-origin-opener-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' https://www.google.com/ https://www.gstatic.com/ https://*.siteassist.io https://cnrib24ur3hk4b49.public.blob.vercel-storage.com/; img-src 'self' data: https://cdn.loom.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://*.siteassist.io; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://*.siteassist.io; media-src 'self' https://*.amazonaws.com; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://www.loom.com/ player.vimeo.com https://*.siteassist.io; object-src 'self'; connect-src 'self' https://www.google.com/ https://avatar-cdn.atlassian.com https://*.siteassist.io https://cnrib24ur3hk4b49.public.blob.vercel-storage.com/;
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy: same-origin