indexo.dev

coinmate.io

.io crawl

First seen 2026-06-01 · Last seen 2026-06-01 · ok HTTP/1.1 200 272 ms crawled 2026-06-02

US · 104.26.0.82 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Safe European crypto exchange | Coinmate.io
Description
We're the biggest Czech crypto exchange. Our fees are fair and customers trust us since 2014. You can buy or sell cryptocurrencies with us safely and easily.
Language
en

Technology

CDN
Cloudflare
CMS
WordPress
JS framework
Angular 19.2.15
Fonts
  • Google Fonts

Third-party hosts loaded (3)

  • i.ytimg.com×2
  • fonts.googleapis.com×1
  • fonts.gstatic.com×1

DNS records live

NS
  • albert.ns.cloudflare.com
  • alina.ns.cloudflare.com
MX
  • 1 aspmx.l.google.com
  • 10 alt3.aspmx.l.google.com
  • 10 alt4.aspmx.l.google.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
  • bw=w542wYHsrkBwdxTCN6KQN4ocG1y0oCdmhHuxQqkrhARy
Verified for
  • Anthropic
  • Google

Email authentication strong

SPF
v=spf1 include:_spf.google.com ~all
softfail (~all)
DMARC
v=DMARC1; p=quarantine;
policy: quarantine
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmN9kDorFArvtD0ZU/Qy7WYCChHvqkNmq37BNB1hUmRlu+LNz8zU7zU94NF0PNovVz4AxwDnbo3xgAc…
selectors probed

Certificate (current)

WE1
from 2026-05-29 to 2026-08-27
Expires in 86 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://coinmate.io/en

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • cross-origin-opener-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' surveys-static-prd.survicate-cdn.com fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com surveys-static-prd.survicate-cdn.com; img-src 'self' data: blob: coinmate.io i.ytimg.com img.sct.eu1.usercentrics.eu res.cloudinary.com www.google.com www.google.cz www.googletagmanager.com googleads.g.doubleclick.net pagead2.googlesyndication.com c.seznam.cz bat.bing.com www.facebook.com track.adform.net; media-src 'self' data:; frame-src 'self' blob: challenges.cloudflare.com connect.notabene.id connect.trezor.io consentcdn.cookiebot.eu www.youtube.com; script-src 'self' 'unsafe-inline' cdn.seondf.com challenges.cloudflare.com connect.notabene.id consent.cookiebot.eu consentcdn.cookiebot.eu one.one.one.one survey.survicate.com surveys-static-prd.survicate-cdn.com *.getsitecontrol.com www.googletagmanager.com 'unsafe-eval' c.seznam.cz www.google-analytics.com www.google.com googleads.g.doubleclick.net bat.bing.com connect.facebook.net
strict-transport-security
max-age=31536000
cross-origin-opener-policy
same-origin

Links to (5)

Linked from (2)