indexo.dev

blu-h.com

.com crawl

First seen 2026-05-28 · Last seen 2026-05-30 · ok HTTP/1.1 200 784 ms crawled 2026-05-30

NL · 94.237.109.250 · AS202053 UpCloud Ltd

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Home - Blu H- Energy
Language
en
Canonical
https://www.blu-h.com/en
Translations
  • en
  • it

Open Graph

url
https://www.blu-h.com/en
title
Home

Technology

Server
nginx
Analytics
  • Google Tag Manager
Cookie consent
  • Iubenda
Fonts
  • Google Fonts

Third-party hosts loaded (4)

  • cdn.iubenda.com×2
  • fonts.googleapis.com×2
  • fonts.gstatic.com×1
  • www.googletagmanager.com×1

Social

Contact

Email
Phone

Registration

Registrar
GoDaddy.com, LLC
Created
2021-04-18
Expires
2027-04-18 321 days left
Updated
2025-04-09
Name servers
  • ns67.domaincontrol.com
  • ns68.domaincontrol.com

DNS records live

NS
  • ns67.domaincontrol.com
  • ns68.domaincontrol.com
MX
  • 10 mx-01-eu-central-1.prod.hydra.sophos.com
  • 20 mx-02-eu-central-1.prod.hydra.sophos.com
TXT
  • sophos-domain-verification=3a648c70ac629e79c46761b899ab975b66494e9c
Verified for
  • Microsoft 365

Email authentication weak

SPF
v=spf1 include:_spf.google.com include:dc-aa8e722993._spfm.blu-h.com include:spf.protection.outlook.com ~all
softfail (~all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

R12
from 2026-04-06 to 2026-07-05
Expires in 34 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://www.blu-h.com/en

present
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
sameorigin
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.gstatic.com *.iubenda.com *.fontawesome.com *.google-analytics.com *.jquery.com *.bootstrapcdn.com cdnjs.cloudflare.com *.g.doubleclick.net; object-src 'self' blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.jquery.com *.fontawesome.com *.bootstrapcdn.com cdnjs.cloudflare.com; img-src 'self' data: blob: *.googlesyndication.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.google.it *.g.doubleclick.net *.jquery.com *.iubenda.com; frame-src 'self' *.google.com *.iubenda.com *.youtube-nocookie.com; font-src 'self' data: *.gstatic.com *.fontawesome.com *.bootstrapcdn.com; connect-src 'self' blob: *.google.com *.googlesyndication.com *.google-analytics.com maps.googleapis.com *.g.doubleclick.net *.iubenda.com

Links to (3)

Linked from (1)