indexo.dev

boto.io

.io crawl

First seen 2026-04-21 · Last seen 2026-05-12 · ok HTTP/1.1 200 1562 ms crawled 2026-05-15

AU · 103.169.142.0 · AS209242 Cloudflare London, LLC

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Boto.io - Goodbye
Language
en-GB

Open Graph

title
Boto.io - Goodbye

Technology

CDN
Cloudflare

DNS records live

NS
  • ns65.domaincontrol.com
  • ns66.domaincontrol.com
MX
  • 1 aspmx.l.google.com
  • 10 alt3.aspmx.l.google.com
  • 10 alt4.aspmx.l.google.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
  • canva-domain-verify=0d3f50c7-1b9d-4708-a8ee-d6a64d256d5d

Email authentication weak

SPF
v=spf1 include:dc-aa8e722993._spfm.boto.io ~all
softfail (~all)
DMARC
not published
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAop8qd0mE4Y1zvOy3GqjMFtq4KSAWbbpNuoXb2ndPuZqUL9b0xm2AKGn0tlgPGfKzhRWF8/p3YTzWYn…
selectors probed

Certificate (current)

WR1
from 2026-05-08 to 2026-08-06
Expires in 78 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://boto.io/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-6971c396-4a23-46ef-8ffa-8a54d127a290' 'wasm-unsafe-eval' https://www.google.com/recaptcha/api.js;
strict-transport-security
max-age=31536000

Linked from (1)