indexo.dev

cafeplusco.pl

.pl crawl

First seen 2026-05-27 · Last seen 2026-05-30 · ok HTTP/1.1 200 1415 ms crawled 2026-05-30

PL · 195.136.145.102 · AS20804 Exatel S.A.

Reputation 100/100

Classifying

HTML metadata

Title
Wynajem oraz dzierżawa urządzeń,automatów vendingowych,automaty sprzedające dla firm,przekąski, napoje, kawę dla biur
Description
Wynajem oraz dzierżawa urządzeń,automatów vendingowych,automaty sprzedające dla firm,przekąski, napoje, kawę dla biur
Language
pl-PL

Technology

Server
nginx
jQuery
1.12.4 known XSS (<3.5)
Stack
PHP

Third-party hosts loaded (3)

  • api.bls.pl×1
  • www.facebook.com×1
  • www.google.com×1

Contact

Phone

DNS records live

NS
  • dns3.expo-net.com.pl
  • dns4.expo-net.com.pl
MX
  • 10 mail.cafeplusco.com
  • 20 smtp.cafeplusco.com
Verified for
  • Microsoft 365

Email authentication strong

SPF
v=spf1 mx mx:mail.cafeplusco.com mx:smtp.cafeplusco.com a:mail.delikomat.pl a:wien.cafeplusco.com a:backupmail.cafeplusco.com ip4:95.215.194.162 ip4:91.241.35.162 ip4:62.218.22.220 ip4:86.59.12.154 ip4:62.218.28.242 include:spf.protection.outlook.com ~all
softfail (~all)
DMARC
v=DMARC1; p=reject
policy: reject (enforced)
DKIM
  • default: v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKekGaJyairV+YEKaDuR3Ram1L1eOenejPD8Spz1uT3m6KnOW1jomPABMNbnq6Yob4JgKK3Uhuj59bIlQ27BUh8VJbx…
selectors probed

Certificate (current)

R13
from 2026-05-17 to 2026-08-15
Expires in 76 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.cafeplusco.pl/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • weak frame protection
  • weak content type protection
Header values
referrer-policy
strict-origin
x-frame-options
SAMEORIGIN, sameorigin
permissions-policy
geolocation=self
x-content-type-options
nosniff, nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://geowidget.easypack24.net https://api.bls.pl https://ajax.googleapis.com https://googleapis.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://geowidget.easypack24.net https://api.bls.pl https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; frame-src 'self' https://www.google.com/recaptcha/; connect-src 'self' https://www.google.com/recaptcha/ https://www.google-analytics.com https://region1.google-analytics.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-site

Links to (2)

Linked from (1)