ximalaya.com

.com toplist crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 1687 ms crawled 2026-05-18

CN · 101.91.134.127 · AS4811 China Telecom Group

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title: 喜马拉雅-国内专业音频分享平台,随时随地,听我想听！
Description: 国内专业音频分享平台，随时随地，听我想听！4亿用户选择的在线音频平台。马东、郭德纲、吴晓波等20多万大咖入驻，1亿多条原创有声内容覆盖有声书、儿童、相声评书、财经新闻、音乐等328类。
Canonical: https://www.ximalaya.com/

Technology

Server: CW

Third-party hosts loaded (4)

s1.xmcdn.com×12
imagev2.xmcdn.com×3
award.xmcdn.com×1
fdfs.xmcdn.com×1

Contact

Email

jubao@ximalaya.com

Phone

Registration

Registrar

Xin Net Technology Corporation

Created

1999-01-31

Expires

2027-01-31 257 days left

Updated

2021-12-09

Name servers

ns3.dnsv5.com
ns4.dnsv5.com

DNS records live

NS

ns3.dnsv5.com
ns4.dnsv5.com

MX

10 mxw.mxhichina.com
5 mxn.mxhichina.com

CNAME

waf.c.ximalaya.com

TXT

Show 5 TXT records

_globalsign-domain-verification=0Sh1uhyp4pYdFarECIxIk97AlWFnTIKLVpVicFHudB
_globalsign-domain-verification=FMEhLijk10aIvt8Wc1TZDh9k35amDKvQZubHgeKKSM
kzh8qxrcbjmhb6pwd2djrh35r5n9ndlh
xmyxv5l9rp3mp32qw860xjbvrtl86965
ckfcq5A9IZqvn2wgfRbCpsQW9OWFnAePe49g0wsDuMs=

Email authentication weak

SPF: v=spf1 include:spf.mxhichina.com -all
strict (-all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

GlobalSign RSA OV SSL CA 2018

from 2026-01-19 to 2027-02-20

Expires in 277 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://www.ximalaya.com/

present

content-security-policy
x-frame-options
x-content-type-options

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src * blob:; img-src * data: blob: resource: *.xmcdn.com *.ximalaya.com; connect-src * wss: blob: resource:; frame-src 'self' *.ximalaya.com pos.baidu.com dup.baidustatic.com openapi.baidu.com wappass.baidu.com passport.baidu.com s.union.360.cn 360fenxi.mediav.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.xmcdn.com *.ximalaya.co hm.baidu.com s.union.360.cn cpro.baidustatic.com pos.baidu.com dup.baidustatic.com zz.bdstatic.com b.bdstatic.com jspassport.ssl.qhimg.com webcert.cnmstl.net *.geetest.com *.geevisit.com *.gsensebot.com ipv6.shuzilm.cn hdaa.shuzilm.cn; style-src 'self' 'unsafe-inline' *.xmcdn.com *.ximalaya.com *.geetest.com *.geevisit.com *.gsensebot.com resource:; frame-ancestors *.ximalaya.com;