indexo.dev

carplus.pt

.pt crawl

First seen 2026-05-27 · Last seen 2026-05-30 · ok HTTP/1.1 200 965 ms crawled 2026-05-30

CZ · 95.100.146.11 · AS20940 Akamai International B.V.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Compra e Venda de Carros Usados | Stand Online | Carplus
Description
Na Carplus encontra os melhores carros usados e seminovos do mercado. Conheça o nosso stand online e compre carro onde e quando quiser!
Language
pt
Canonical
https://www.carplus.pt/

Technology

JS framework
Nuxt
Analytics
  • Plausible

Third-party hosts loaded (6)

  • plausible.io×2
  • api-carplus-pt-ms.cms.cloud.niw.pt×1
  • api.gsci.pt×1
  • cookies.rigorcg.pt×1
  • stwfccmsprodwesteurope01.blob.core.windows.net×1
  • www.google.com×1

DNS records live

NS
  • dns3.cloudns.net
  • dns4.cloudns.net
  • dns7.cloudns.net
  • dns8.cloudns.net
MX
  • 0 carplus-pt.mail.protection.outlook.com
TXT
  • xyEPVfnhowPIfut0ZyOg03SrlZXeOuvsnlyvSgslLPyl11DgDoEnrsgQsEo4Se6djzCX7epENmC1klrYNL8MDg==
  • ethiack-verification=17d891155f6f50711be0184979278e73394003ec2cceff68767fe90e3690e0bfcfa10b727243161049c092d23bf49cf98c02a72dcb55cea6f6010c6e1287af18
  • Rr3BKcb
Verified for
  • Google
  • Meta
  • Microsoft 365
  • Zoho

Email authentication partial

SPF
v=spf1 ip4:195.23.106.26/32 ip4:195.23.106.27/32 include:trustpilotservice.com include:spf.protection.outlook.com include:eu.zcsend.net include:one.zoho.eu -all
strict (-all)
DMARC
v=DMARC1; p=none; rua=mailto:dmarc@rigorcg.pt; ruf=mailto:dmarc@rigorcg.pt; sp=none; ri=86400
policy: none (monitoring only) · sp=none
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEKOMz9Y5Q3/F3g0BEh7jjRqYs1sXUMw92ToyHDUULEvK2j/h4mO6uJlgERbz+v0EOByokGdogk5Y0JJQy4U…
selectors probed

Certificate (current)

R12
from 2026-04-14 to 2026-07-13
Expires in 42 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.carplus.pt/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • referrer-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing content type protection
  • missing Permissions Policy
Header values
referrer-policy
no-referrer-when-downgrade
x-frame-options
SAMEORIGIN
content-security-policy
default-src data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://salesassistantstorageprd.blob.core.windows.net https://tags.creativecdn.com https://plausible.io https://*.posthog.com https://perfalytics.com https://cdn.mxpnl.com https://static.zohocdn.com https://cdn-eu.pagesense.io https://media-player.aos.tv https://storage.googleapis.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://control.lifeonshow.tv https://id.caetanogo.pt https://js.stripe.com https://widget.trustpilot.com https://snap.licdn.com https://s.go-mpulse.net https://*.rigorcg.pt https://www.clarity.ms https://www.google.com https://www.gstatic.com; style-src 'self' https://stackpath.bootstrapcdn.com https://salesassistantstorageprd.blob.core.windows.net https://d14cwy1v1pw9nw.cloudfront.net https://control.lifeonshow.tv https://id.caetanogo.pt https://fonts.googleapis.com
strict-transport-security
max-age=63072000 ; includeSubDomains
cross-origin-resource-policy
cross-origin

Linked from (1)