indexo.dev

coinlist.co

.co crawl

First seen 2026-04-13 · Last seen 2026-05-15 · ok HTTP/1.1 200 1315 ms crawled 2026-05-07

US · 172.66.145.226 · AS13335 Cloudflare, Inc.

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
CoinList
Language
en

Technology

CDN
Cloudflare
CMS
Next.js
Analytics
  • Cloudflare Insights

Third-party hosts loaded (2)

  • dynamic-rainbow-6ac4f6a411.media.strapiapp.com×16
  • static.cloudflareinsights.com×1

Social

Contact

Email

DNS records live

NS
  • jeff.ns.cloudflare.com
  • sara.ns.cloudflare.com
MX
  • 1 aspmx.l.google.com
  • 10 alt3.aspmx.l.google.com
  • 10 alt4.aspmx.l.google.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
Show 10 TXT records
  • hcp-domain-verification=716b4ce746a21274550eb99f2ff2b45429445548993ece821182b1c32b6dc0ef
  • knowbe4-site-verification=79ed36498ce2b41e98707f3f791f2508
  • linear-domain-verification=jq4rntqbfgu2
  • new-relic-domain-verification=dc639ffff8d44912911c93da56843b9c
  • status-page-domain-verification=5pg2v13gvg2r
  • verification_token=X4RA6PZtPS5ytTDKfStnxVevK
  • zapier-domain-verification-challenge=7209a3c7-abba-4e13-a0e2-d0da9c69d956
  • detectify-verification=cc660651890af0da7ca003bc986657cf
  • facebook-domain-verification=gej85zo1x8thtlqjod6mdvlwvu74fz
  • google-site-verification=d84oBlwME7B-qZMSV6caPzD815WsZV965OBwlTMPPw8

Email authentication strong

SPF
v=spf1 include:sendgrid.net include:_spf.google.com include:_spf.sumsub.com -all
strict (-all)
DMARC
v=DMARC1; p=reject; rua=mailto:212538f1d4114587b16938fbaae6e89a@dmarc-reports.cloudflare.net,mailto:dmarc@coinlist.co; adkim=r; aspf=r; fo=1; pct=100; ri=86400;
policy: reject (enforced)
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjtrL5+Zkgw0/3ObVZZl34jbddKrBRYB4tvvMzyEKVfPOsOGSQQ2pBO1Q/wwC6AkwQ4GzNsjBeSSr9…
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6NRtEKoCNdKY8X1vbbtQ4Qr9jhpGErGW8cVnxFT3xe1tvGjI4+l4L/J4kuh5Wu0WFiFIUAi7o/0zgUuYdp…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq/wiNxLpErLeEKVaGyb0bPbjOkWx6VM796RFE206uYNCxAB2A+hMnltnR0mkcql7uckWBrWO85MrQ9vtlqaqLM4…
selectors probed

Certificate (current)

E8
from 2026-04-20 to 2026-07-19
Expires in 61 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://coinlist.co/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.amplitude.com https://challenges.cloudflare.com https://static.cloudflareinsights.com; connect-src 'self' https://*.amplitude.com https://api.amplitude.com https://api2.amplitude.com https://*.ingest.us.sentry.io https://api.sumsub.com https://auth.privy.io https://privy.coinlist.co https://rpc.walletconnect.com https://rpc.walletconnect.org wss://relay.walletconnect.com wss://relay.walletconnect.org https://relay.walletconnect.com https://relay.walletconnect.org https://pulse.walletconnect.com https://pulse.walletconnect.org https://api.web3modal.com https://api.web3modal.org https://keys.walletconnect.com https://keys.walletconnect.org https://notify.walletconnect.com https://echo.walletconnect.com https://echo.walletconnect.org https://push.walletconnect.com https://push.walletconnect.org https://explorer-api.walletconnect.com https://cca-lite.coinbase.com https://apple.com/apple-pay https://www.apple.com/apple-pay http

Links to (3)

Linked from (5)