zootickets.app
HTML metadata
Technology
- Server: Heroku
Third-party hosts loaded (2)
- openlayers.org ×2
- web.statistics.zoo2go.app ×1
DNS records (live)
- NS
- freedns1.registrar-servers.com
- freedns2.registrar-servers.com
- freedns3.registrar-servers.com
- freedns4.registrar-servers.com
- freedns5.registrar-servers.com
- Verified for
Email authentication (no MX)
- SPF: not published
- DMARC: not published
- DKIM: no key found at common selectors
Certificate (current)
R13
Expires in 29 days
HTTP security headers
- present
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy: no-referrer, strict-origin-when-cross-origin
- x-frame-options: SAMEORIGIN
- x-content-type-options: nosniff
- content-security-policy: default-src 'self' data: *.zoo2go.com zoo2go.com *.zoo2go.app zoo2go.app *.paypal.com http://localhost:5000; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zoo2go.app openlayers.org js.stripe.com https://www.paypal.com/sdk/js; style-src 'self' 'unsafe-inline' openlayers.org; base-uri 'self'; img-src 'self' *.zoo2go.com zoo2go.com *.zoo2go.app zoo2go.app www.paypalobjects.com storage.googleapis.com cdn.weatherapi.com data:; font-src 'self' data:; frame-src 'self' *.zoo2go.com js.stripe.com *.paypal.com; manifest-src 'self'; worker-src blob:; frame-ancestors 'self'; upgrade-insecure-requests
- strict-transport-security: max-age=63072000