biedronka.pl

.pl crawl

First seen 2026-05-27 · Last seen 2026-05-31 · ok HTTP/1.1 200 623 ms crawled 2026-05-30

FR · 135.125.122.137 · AS16276 OVH SAS

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: Strona główna - Biedronka.pl
Description: Oficjalna strona sieci sklepów Biedronka. Informacje o produktach, oferty promocyjne, przepisy i lokalizator sklepów. Codziennie niskie ceny - sprawdź!
Language: pl

Open Graph

title: Strona główna – Biedronka.pl
description: Oficjalna strona sieci sklepów Biedronka. Codziennie niskie ceny – sprawdź!

Technology

jQuery: 3.5.0

Third-party hosts loaded (1)

code.createjs.com×1

Social

DNS records live

NS

ns1.domena.pl
ns2.domena.pl
ns3.domena.pl

MX

5 webmail.biedronka.pl

TXT

91c2142f-7217-4c11-8022-3c05975caa6f
_cf-custom-hostname.zakupy.biedronka.pl

Verified for

Google

Email authentication partial

SPF: v=spf1 mx ip4:135.125.122.136 ip4:146.59.231.49 ip4:185.31.83.89/29 include:_spf.gammanet.pl a:production.eu01.biedronka.demandware.net a:production.eu02.biedronka.demandware.net include:jmpovh.hyperlab.pl include:_spf.emaillabs.net.pl include:e.e.home.biedronka.pl -all
strict (-all)
DMARC: v=DMARC1; p=none; rua=mailto:dmarc@biedronka.pl; ruf=mailto:dmarc@biedronka.pl;
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

Certum DV TLS G2 R39 CA

from 2026-01-19 to 2027-01-19

Expires in 233 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.biedronka.pl/pl

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self' in.hotjar.com s3-eu-west-1.amazonaws.com s7g10.scene7.com static-jmpovh.hyperlab.pl maps.googleapis.com analytics.tiktok.com popups.landingi.com stats.landingi.com region1.google-analytics.com vc.hotjar.io lightboxes.landingi.com tagmanager.landingi.io app.push-ad.com www.google-analytics.com geolocation.onetrust.com stats.g.doubleclick.net api3.push-ad.com ct.pinterest.com app2.push-api.pl track.push-ad.com cdn.cookielaw.org static.biedronka.local static-wwwbiedronkapl-dev-php56.hyperlab.pl static.biedronka.pl pagead2.googlesyndication.com www.google.com googleads.g.doubleclick.net tr.snapchat.com dmp.push-api.pl ams.creativecdn.com jmp-privacy.my.onetrust.com cdn.jsdelivr.net tr6.snapchat.com *.crazyegg.com cdn.biedronka.cloud; script-src 'self' data: http: https: 'unsafe-inline' 'unsafe-eval' s7g10.scene7.com cdn-jmpovh.hyperlab.pl static-jmpovh.hyperlab.pl maps.googleapis.com code.jquery.com www.youtube.com lf16-tiktok-web.t
strict-transport-security: max-age=31536000; includeSubDomains

Links to (16)

Linked from (13)