indexo.dev

colasrail.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 1976 ms crawled 2026-05-18

FR · 212.129.20.34 · AS12876 Scaleway SAS

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Generator
Gatsby 4.25.9

Technology

CMS
Gatsby

Registration

Registrar
Namebay SAM
Created
2007-05-10
Expires
2027-05-10 355 days left
Updated
2025-10-16
Name servers
  • ns01.eolas.fr
  • ns02.eolas.fr
  • ns03.eolas-dns.eu

DNS records live

NS
  • ns01.eolas.fr
  • ns02.eolas.fr
  • ns03.eolas-dns.eu
MX
  • 5 colas.in.tmes.trendmicro.eu
TXT
Show 7 TXT records
  • apple-domain-verification=XvhivEOwYz8pPZfM
  • tmes=c29c680fedad958bbf2b04a9cfdf3184
  • fe44fc07-a6c2-4067-93a7-1c27da2b84d5
  • MS=ms30844501
  • access-domain-verification=c34ed4379f1b1ec5cfdd9c88473470288cbd3a654ad13a12296bccad82b46a03
  • google-site-verification=AZ5FiffdYzfsKjoFLFCyH-Gl-G2--XKiQ7kgjpSyDjc
  • PX0ys-DxZD3qc2e6q4bUxNQazoHOeZJuryeOTt0vrPo

Email authentication partial

SPF
v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com -all
strict (-all)
DMARC
v=DMARC1; p=none; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com
policy: none (monitoring only)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0P76z3j5LT17aDhxR5J23wmuVdG4wJpvq4+FqMLJiT64nD5LYI0o9wMgCJhBjqW9GXRYX4nuW51HRMZPYSA…
selectors probed

Certificate (current)

R12
from 2026-05-14 to 2026-08-12
Expires in 84 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://colasrail.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • missing Permissions Policy
Header values
referrer-policy
same-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
block-all-mixed-content; default-src https: 'self'; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'self' https://www.youtube.com https://consent.cookiebot.com https://www.google-analytics.com https://www.googletagmanager.com https://matomo.publicisfrance.com https://matomo.colas.com https://consentcdn.cookiebot.com https://www.google.com https://www.google.com/recaptcha https://www.gstatic.com https://s.go-mpulse.net https://snap.licdn.com https://px.ads.linkedin.com; style-src 'unsafe-inline' 'self'; base-uri 'self'; worker-src 'self'; frame-ancestors 'self'; object-src 'self'; form-action 'self';
strict-transport-security
max-age=31536000; includeSubDomains; preload

Linked from (2)