indexo.dev

bananamoon.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 1974 ms crawled 2026-05-19

US · 104.18.13.91 · AS13335 Cloudflare, Inc.

Reputation 89/100 weak security headers dmarc monitor-only

Classifying

HTML metadata

Title
Banana Moon® - Swimsuit & Bikini - Official E-Shop
Description
Homepage custom fields
Language
en
Canonical
https://www.bananamoon.com/en/
Translations
  • en ×2
  • es
  • fr
  • it
  • nl

Technology

CDN
Cloudflare
CMS
Gatsby
Analytics
  • Google Tag Manager

Third-party hosts loaded (2)

  • sdk.privacy-center.org×1
  • www.googletagmanager.com×1

Social

Contact

Phone
Address
6 Avenue Albert II, 98000, Monaco, MC

Registration

Registrar
CSC Corporate Domains, Inc.
Created
1997-08-01
Expires
2026-07-31 71 days left
Updated
2025-07-27
Name servers
  • mario.ns.cloudflare.com
  • meg.ns.cloudflare.com

DNS records live

NS
  • mario.ns.cloudflare.com
  • meg.ns.cloudflare.com
MX
  • 10 mccompany.in.tmes.trendmicro.eu
TXT
  • MS=9DCFEC501E6DB5F76841EDC57A8DA55664B2B466
  • tmes=c55f21827f665bd3a9b52cfedb1c1003
Verified for
  • Apple

Email authentication partial

SPF
v=spf1 mx a:mail.mccompany.mc ip4:153.92.234.131 include:spf.tipimail.com include:spf.splio.com include:sendgrid.net include:spf.mailjet.com include:spf.protection.outlook.com include:_spf.cegid.com ip4:80.94.107.165 -all
strict (-all)
DMARC
v=DMARC1; p=none
policy: none (monitoring only)
DKIM
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNvn5apmq7GjkIpDtHN8JmOwZQxZvGDuecwRgCw7/ctJPhdevn8/fNW8aawAfNv7FrL4VwsScMWWq6U6e4…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVzgdmqhoqD5tLWyB/9MP1QSSWeJ4jhMa53FGY5Iv65tRG5RUTUAGwN0+scQl16KzIgNrPI3h8mME+19I8CxJgfh…
selectors probed

Certificate (current)

WE1
from 2026-05-14 to 2026-08-12
Expires in 84 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.bananamoon.com/en/

present
  • content-security-policy-report-only
  • x-frame-options
  • x-content-type-options
findings
  • missing HSTS
  • missing Content Security Policy
  • weak frame protection
  • weak content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN, SAMEORIGIN
x-content-type-options
nosniff, nosniff
content-security-policy-report-only
font-src fonts.gstatic.com use.typekit.net cdn.jsdelivr.net cdn.almapay.com *.googleapis.com https://www.gstatic.com data: fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com

Links to (4)

Linked from (3)