indexo.dev

carplus.es

.es crawl

First seen 2026-04-13 · Last seen 2026-05-07 · ok HTTP/1.1 200 1098 ms crawled 2026-05-07

DE · 18.198.248.100 · AS16509 Amazon.com, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Carplus | Coches de Segunda Mano
Description
Carplus, concesionario de coches de segunda mano y ocasión en Parla, Málaga y Sevilla. Entrega rápida y hasta 24 meses de garantía.
Language
es
Canonical
https://www.carplus.es/

Technology

Analytics
  • Plausible

Third-party hosts loaded (6)

  • plausible.io×2
  • stwfccmsprodwesteurope01.blob.core.windows.net×2
  • api-carplus-es-ms.cms.cloud.niw.pt×1
  • api.gsci.pt×1
  • cookies.rigorcg.pt×1
  • www.google.com×1

DNS records live

NS
  • dns39.servidoresdns.net
  • dns40.servidoresdns.net
MX
  • 1 carplus-es.mail.protection.outlook.com
TXT
Show 4 TXT records
  • MS=ms68917575
  • v=DMARC1; p=none; rua=mailto:admin@caetanoretail.es;
  • zoho-verification=zb33960320.zmverify.zoho.eu
  • zoho-verification=zb58727645.zmverify.zoho.eu

Email authentication partial

SPF
v=spf1 include:spf.protection.outlook.com include:servers.mcsv.net include:zoho.com include:spf.autopilothq.com include:sendgrid.net include:eu.zcsend.net include:one.zoho.eu -all
strict (-all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

R13
from 2026-04-07 to 2026-07-06
Expires in 48 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.carplus.es/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • referrer-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing content type protection
  • missing Permissions Policy
Header values
referrer-policy
no-referrer-when-downgrade
x-frame-options
SAMEORIGIN
content-security-policy
default-src data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.caetanogo.es https://www.google.com https://salesassistantstorageuat.blob.core.windows.net https://tags.creativecdn.com https://plausible.io https://eu.posthog.com https://perfalytics.com https://cdn.mxpnl.com https://static.zohocdn.com https://cdn-eu.pagesense.io https://media-player.aos.tv https://storage.googleapis.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://control.lifeonshow.tv https://js.stripe.com https://widget.trustpilot.com https://snap.licdn.com https://s.go-mpulse.net https://*.rigorcg.pt https://www.clarity.ms; style-src 'self' https://salesassistantstorageuat.blob.core.windows.net https://stackpath.bootstrapcdn.com https://d14cwy1v1pw9nw.cloudfront.net https://control.lifeonshow.tv https://*.caetanogo.es https://fonts.googleapis.com/
strict-transport-security
max-age=63072000 ; includeSubDomains
cross-origin-resource-policy
cross-origin

Linked from (3)