indexo.dev

app-wallee.com

.com crawl

First seen 2026-04-16 · Last seen 2026-05-08 · ok HTTP/1.1 200 277 ms crawled 2026-05-11

US · 104.20.0.136 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Log in
Language
en

Technology

CDN
Cloudflare
Analytics
  • Google Tag Manager

Third-party hosts loaded (1)

  • www.googletagmanager.com×1

Registration

Registrar
GoDaddy.com, LLC
Created
2016-08-25
Expires
2027-08-25 462 days left
Updated
2024-08-26
Name servers
  • nitin.ns.cloudflare.com
  • pam.ns.cloudflare.com

DNS records live

NS
  • nitin.ns.cloudflare.com
  • pam.ns.cloudflare.com
MX
  • 1 aspmx.l.google.com
  • 10 aspmx2.googlemail.com
  • 10 aspmx3.googlemail.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com

Email authentication strong

SPF
v=spf1 include:customeriomail.com include:stspg-customer.com include:_spf.google.com include:mail.zendesk.com include:amazonses.com include:mailgun.org ~all
softfail (~all)
DMARC
v=DMARC1; p=reject; pct=100
policy: reject (enforced)
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6ZBo73ODV4T7Z7tdiE0miACEeYVmnVngD8jue6aLf2P6UAPhlQKpdSvRa6znKaT/k63/2Tx23JXdc…
selectors probed

Certificate (current)

Sectigo RSA Domain Validation Secure Server CA
from 2025-11-13 to 2026-12-15
Expires in 209 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://app-wallee.com/user/login

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: blob: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.c
strict-transport-security
max-age=15552000; includeSubDomains; preload

Links to (1)

Linked from (1)