indexo.dev

belcolade.com

.com crawl

First seen 2026-05-28 · Last seen 2026-05-31 · ok HTTP/1.1 200 901 ms crawled 2026-05-31

BE · 217.19.237.54 · AS34762 Combell NV

Reputation 79/100 multiple spf records dmarc monitor-only

Classifying

HTML metadata

Title
Belcolade
Description
Elevate your chocolate-based creations with Belcolade's Real Belgian chocolate. Crafted for professionals, by professionals since 1988.
Language
en
Canonical
https://www.belcolade.com/en-en
Translations
  • en ×2
  • fr ×2
  • de
  • it
  • nl
  • pt
  • ro
  • tr
  • uk

Open Graph

url
https://www.belcolade.com/en-en

Technology

CDN
Azure Front Door
Analytics
  • Google Tag Manager
Fonts
  • Font Awesome

Third-party hosts loaded (2)

  • use.fontawesome.com×1
  • www.googletagmanager.com×1

Social

Registration

Registrar
Ascio Technologies, Inc. Danmark - Filial af Ascio technologies, Inc. USA
Created
1999-07-22
Expires
2026-07-22 51 days left
Updated
2025-07-23
Name servers
  • ns1.combell.eu
  • ns3.combell.net
  • ns4.combell.net

DNS records live

NS
  • ns1.combell.eu
  • ns3.combell.net
  • ns4.combell.net
MX
  • 0 belcolade-com.mail.protection.outlook.com
Verified for
  • Google
  • Meta
  • Microsoft 365

Email authentication weak

SPF
v=spf1 include:145639517.spf08.hubspotemail.net -all
strict (-all) · multiple SPF records
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9MvceOg5rDEn5W+ODEBd9kfAJbTpGx7W8BR+xWRm1H7yHD61O2y+/ZwlNnlSqB6Qu+/se2hd2ma4xs…
selectors probed

Certificate (current)

E8
from 2026-04-30 to 2026-07-29
Expires in 59 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.belcolade.com

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
no-referrer-when-downgrade
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self' blob:; img-src 'self' data: https: *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.hs-analytics.net *.hs-scripts.com *.hs-banner.com js.hscta.net js-eu1.hscta.net *.hubspot.com blob:; script-src 'self' https: *.visualwebsiteoptimizer.com cdn.jsdelivr.net app.vwo.com *.hs-analytics.net *.hsforms.net *.hs-scripts.com *.hs-banner.com cdn.pushcrew.com js.hscta.net js-eu1.hscta.net *.hubspot.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' 'self' https: *.google.com *.googletagmanager.com cdn.jsdelivr.net *.google-analytics.com *.hsforms.net *.enquete.agconsult.com js-eu1.hscta.net use.fontawesome.com bat.bing.com snap.licdn.com a.omappapi.com *.visualwebsiteoptimizer.com app.vwo.com *.hs-analytics.net *.hs-scripts.com *.hs-banner.com cdn.pushcrew.com recaptcha.net *.
strict-transport-security
max-age=63072000; includeSubDomains

Links to (2)

Linked from (2)