indexo.dev

carvel.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-07 · ok HTTP/1.1 200 1293 ms crawled 2026-05-08

US · 104.209.178.67 · AS8075 Microsoft Corporation

Reputation 100/100

Classifying

HTML metadata

Title
Carvel Ice Cream & Cakes | America's Freshest Ice Cream | Carvel
Description
Carvel is the original neighborhood ice cream shoppe with premium ice cream, take-home treats and handmade cakes, all nearby.
Language
en
Canonical
https://www.carvel.com

Open Graph

url
https://www.carvel.com
title
Carvel Ice Cream & Cakes | America's Freshest Ice Cream | Carvel
locale
en_US
description
Visit Carvel for America's freshest ice cream, cakes, and shakes. Find a local shop for custom cakes, soft serve, and novelty treats, or order for delivery.

Technology

CDN
Cloudflare
CMS
Next.js
Analytics
  • Google Tag Manager

Third-party hosts loaded (6)

  • cdn.optimizely.com×1
  • images.ctfassets.net×1
  • resources.digital-cloud-west.medallia.com×1
  • truyoproductionuscdn.truyo.com×1
  • www.google.com×1
  • www.googletagmanager.com×1

Registration

Registrar
MarkMonitor Inc.
Created
1999-04-15
Expires
2027-04-15 331 days left
Updated
2025-03-14
Name servers
  • ha1.markmonitor.zone
  • ha2.markmonitor.zone
  • ha3.markmonitor.zone
  • ha4.markmonitor.zone

DNS records live

NS
  • ha1.markmonitor.zone
  • ha2.markmonitor.zone
  • ha3.markmonitor.zone
  • ha4.markmonitor.zone
MX
  • 10 us-smtp-inbound-1.mimecast.com
  • 10 us-smtp-inbound-2.mimecast.com
TXT
Show 16 TXT records
  • fb-prod-utility.azurewebsites.net
  • MoyGl0I2dwIAXh/z5hSaTwacTwce/ihjMOnbDb/q5wZeZ6glzLt2YWS6Hf/xfRyUJ19HDxQ0jl+DGLu1ZXdmoA==
  • fb-sitecore-prod-cd.azurewebsites.net.
  • smartsheet-site-validation=_Sopj-XISzoNTon5C9yvJ67R6HVtbpjj
  • google-site-verification=7oZ0DkrNni5V0iB5E0sK-ZJ8QXc-U1KTISOMcQanGcw
  • ibmid=4b2ba6ca-9799-472d-8718-583d708fa676
  • atlassian-domain-verification=yL9rtb1CxUM7r6WMcutM27g7Jflrl12h5JZtaipFPr0fnpdIAy0Dwy3X2xh0W0d0
  • kMBJgJVzUqVmGxd2RqJXb48FZXOC/pMhGJOzJAhSUXdGY+UU72U+/HSyNIXYU67Sx05e8hJlNk/6SZkzANfd/g==
  • google-site-verification=dykQmjv7wImkOmRlz3HKAqdJUeXiQp4xk_CMOISn-NQ
  • facebook-domain-verification=junjokatg7l7e845rmb73hy1os89ji
  • ZOOM_verify_BpHgvJh1TPuMugpGTP6s1Q
  • FFkOOQpHOhzVyAVcQL/MXabn3Qo36QcHQkeoA2PoTZZ1aYrnhnVD+EUMpMiasviL2OawCFaYr385zDO6eSl8sA==
  • google-site-verification=d1dQeySTugTIZ4vNFpoSdyPLLtlb0hKX5AdrYdlWUkQ
  • webexdomainverification.J8G4=7de4f091-56ff-42de-87cf-e6b6bb07611a
  • duo_sso_verification=tbVBhYnJjUPTttUKy4fT3VLDgo4xF1rWM6CqM6XrZh8GwilQ0tsv0njE2H0Edkyu
  • box-domain-verification=ef723833912567302b68da96e8a8d1e03329235a7d485b11c94078804dc8b9ff

Email authentication strong

SPF
v=spf1 include:_spf.carvel_com._d.easydmarc.pro ~all
softfail (~all)
DMARC
v=DMARC1;p=reject;pct=100;rua=mailto:16223669ec@rua.easydmarc.us;ruf=mailto:16223669ec@ruf.easydmarc.us;ri=86400;fo=1;
policy: reject (enforced)
DKIM
no key found at common selectors

Certificate (current)

GeoTrust TLS RSA CA G1
from 2025-10-30 to 2026-12-01
Expires in 196 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.carvel.com/

present
  • strict-transport-security
  • content-security-policy
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP uses wildcard sources
  • missing frame protection
Header values
referrer-policy
no-referrer-when-downgrade
permissions-policy
camera=(self), battery=(self), browsing-topics=(), geolocation=(self)
x-content-type-options
nosniff
content-security-policy
object-src 'self' data:; upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self' https://*.contentful.com https://x.c.cinnabonswirl.com/; https://truyostagingcdn.truyo.com/ https://maps.googleapis.com/ https://www.google.com/recaptcha/ https://resources.digital-cloud-west.medallia.com/ http://resources.digital-cloud-west.medallia.com/ https://www.googletagmanager.com https://va.vercel-scripts.com/ https://cdn.quantummetric.com/ https://bat.bing.com/ https://sc-static.net/ https://static.hotjar.com/ https://js.adsrvr.org/ https://s.adroll.com/ https://connect.facebook.net/ https://try.abtasty.com/ https://tags.srv.stackadapt.com/ http://rum-static.pingdom.net/ https://analytics.tiktok.com/ https://d.adroll.com/ https://tr.snapchat.com/ https://truyoproductionuscdn.truyo.com/ https://vercel.live/ https://script.hotjar.com/ https://md-scp.kampyle.com/ https://hpc.uat.freedompay.com/ https://client.px-cloud.net/ https://olocdnsandbox.s3.amazonaws.com https://hpc.freedompay.com h
strict-transport-security
max-age=31536000; includeSubDomains; preload

Linked from (2)