indexo.dev

autocheck.com

.com crawl

First seen 2026-04-11 · Last seen 2026-04-28 · ok HTTP/1.1 200 2840 ms crawled 2026-05-18

US · 45.60.62.122 · AS19551 Incapsula Inc

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
AutoCheck.com | Homepage | AutoCheck.com
Description
Experian AutoCheck vehicle history reports unlock a vehicle's accident history, mileage, ownership info and more for smart car buying and selling.
Language
en

Technology

Server
Apache
CMS
Gatsby
Analytics
  • Google Tag Manager

Third-party hosts loaded (3)

  • www.googletagmanager.com×2
  • tags-cdn.clarivoy.com×1
  • www.google.com×1

Registration

Registrar
Network Solutions, LLC
Created
1999-05-03
Expires
2031-05-03 1808 days left
Updated
2026-03-04
Name servers
  • exp1.experian.com
  • exp4.experian.com
  • exp5.experian.com

DNS records live

NS
  • exp1.experian.com
  • exp4.experian.com
  • exp5.experian.com
MX
  • 10 mxa-001a8401.gslb.pphosted.com
  • 10 mxb-001a8401.gslb.pphosted.com
TXT
Show 7 TXT records
  • PlzxRlTOe4G9gRPcx/RNMcAIm5JvPBwq/Evy92idtt0UgEJlkncDhDt4IY8O1EeqrbV5+NzyP5M1LpkclKgD7w==
  • GD4zhRk8hDa00Aeus4TYKTqADIPXo/j4ilqnDOJFyqx0Ywpy74YWWoo5oEfjR7pi0IhPi8EGHO5KN+NfwOajjQ==
  • 0c067c19-828d-4727-ba5a-2b338869eab5
  • 4979d7a9-95da-45d6-8256-46c06692b137
  • 51ec14c0-d7ef-4def-9243-272daac23121
  • safebreach-domain-verification=ab4d8381-cecb-4afe-a036-38ff6e7f51ba
  • fe20fc33-ae84-4bd6-b076-54e0a7aa9a61
Verified for
  • GlobalSign
  • Microsoft 365

Email authentication weak

SPF
not published
DMARC
v=DMARC1; p=none; fo=1; rua=mailto:dmarc_agg@auth.returnpath.net; ruf=mailto:dmarc_afrf@auth.returnpath.net
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

Sectigo Public Server Authentication CA EV R36
from 2026-03-10 to 2027-04-10
Expires in 324 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://www.autocheck.com/vehiclehistory/?siteID=0

present
  • strict-transport-security
  • content-security-policy
  • x-content-type-options
  • permissions-policy
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing Referrer Policy
Header values
permissions-policy
fullscreen=(self)
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob: *.autocheck.com research.carmax.org tags-cdn.clarivoy.com *.in.treasuredata.com bcove.video players.brightcove.net *.youtube.com *.gstatic.com *.google.com h.online-metrix.net bat.bing.com *.cloudfront.net sp.analytics.yahoo.com autocheck.vast.com *.hotjar.com *.yimg.com *.optimost.com secure.statcounter.com *.doubleclick.net *.salesforceliveagent.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.experian.com *.googleapis.com fonts.gstatic.com *.techvalidate.com *.demdex.net *.cloudflare.com *.bootstrapcdn.com *.youtube-nocookie.com cdnjs.cloudflare.com; connect-src 'self' blob: https://clarivoy-api.herokuapp.com https://us01.records.in.treasuredata.com *.google.com *.autocheck.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.clarivoy.com cdnjs.cloudflare.com research.carmax.org ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com *.google-analytics.com *.google.com *.salesforceliveagent.com *.google
strict-transport-security
max-age=3153600; includeSubDomains;preload

Linked from (4)