indexo.dev

alcopa-auction.es

.es crawl

First seen 2026-04-12 · Last seen 2026-05-19 · ok HTTP/1.1 200 9326 ms crawled 2026-05-05

GB · 3.9.176.6 · AS16509 Amazon.com, Inc.

Reputation 100/100

sector automotive type homepage

HTML metadata

Title
Alcopa Auction - Primer operador de Subastas de Automóviles de Ocasión
Description
Alcopa Auction le ofrece subastas de vehículos de ocasión de todo tipo. Somos el primer operador de subastas en coches usados de segunda mano. Subastas online y presenciales en 8 salas de subastas en Francia y España. ¡Visítenos!
Language
es

Open Graph

url
https://www.alcopa-auction.es/
title
Alcopa Auction - Primer operador de Subastas de Automóviles de Ocasión
description
Alcopa Auction le ofrece subastas de vehículos de ocasión de todo tipo. Somos el primer operador de subastas en coches usados de segunda mano. Subastas online y presenciales en 8 salas de subastas en Francia y España. ¡Visítenos!

Technology

Server
nginx
CMS
Gatsby
Analytics
  • Google Tag Manager
Cookie consent
  • Cookiebot
Fonts
  • Google Fonts
Social widgets
  • YouTube Embed
Third-party hosts loaded (7)
  • api.payzen.eu×3
  • fonts.googleapis.com×3
  • images.prismic.io×2
  • consent.cookiebot.com×1
  • fonts.gstatic.com×1
  • www.googletagmanager.com×1
  • www.youtube.com×1

Social

DNS records live

NS
  • dns113.ovh.net
  • ns113.ovh.net
MX
  • 1 aspmx.l.google.com
  • 10 alt3.aspmx.l.google.com
  • 10 alt4.aspmx.l.google.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
  • v=spf1 include:sendgrid.net mx ~all
Verified for
  • Google

Certificate (current)

E7
from 2026-03-25 to 2026-06-23
Expires in 33 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.alcopa-auction.es/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-embedder-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
camera=(), microphone=(), geolocation=(), payment=(), usb=(), fullscreen=(self)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://*.gstatic.com http://*.gstatic.com https://maps.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.cookiebot.com https://static.cdn.prismic.io https://*.cdn.prismic.io https://api.payzen.eu https://*.autodisol.com https://connect.facebook.net http://connect.facebook.net https://cdn.datatables.net https://snap.licdn.com https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://api.payzen.eu https://cdn.datatables.net; img-src 'self' data: https: http:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://region1.analytics.google.com https:
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-opener-policy
unsafe-none
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin

Links to (5)

Linked from (1)