indexo.dev

contimex.cz

.cz crawl

First seen 2026-05-22 · Last seen 2026-05-31 · ok HTTP/1.1 200 6347 ms crawled 2026-05-28

FR · 5.135.49.188 · AS16276 OVH SAS

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Úvod | Marketingová agentura Contimex
Language
cs

Technology

Server
openresty
CMS
Gatsby
jQuery
3.2.1 known XSS (<3.5)
Analytics
  • Google Tag Manager

Third-party hosts loaded (2)

  • ajax.googleapis.com×1
  • www.googletagmanager.com×1

Contact

Email
Phone

Registration

Registrar
REG-INTERNET-CZ
Created
1997-10-24
Expires
2027-10-28 514 days left
Updated
2017-09-29
Name servers
  • ns.forpsi.cz
  • ns.forpsi.it
  • ns.forpsi.net

DNS records live

NS
  • ns.forpsi.cz
  • ns.forpsi.it
  • ns.forpsi.net
MX
  • 10 go.contimex.cz
  • 85 mx2.contimex.cz
  • 90 og.contimex.cz

Email authentication partial

SPF
v=spf1 a mx include:spf.contimex.cz include:spf.mailkit.eu ~all
softfail (~all)
DMARC
v=DMARC1; p=none; rua=mailto:dmarc-rua@mailkit.com;
policy: none (monitoring only)
DKIM
  • mail: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC0ecYVcJq6hJGbFAFmTu9BruRBTr5ItsUZ2WkcJoOWxjwDMrxZHzmvUKrHO7rIjgcy5Vvi8j1twPk…
selectors probed

Certificate (current)

E8
from 2026-04-15 to 2026-07-14
Expires in 44 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.contimex.cz/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-embedder-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
same-origin
x-frame-options
DENY
permissions-policy
accelerometer=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), usb=()
x-content-type-options
nosniff
content-security-policy
default-src 'self' www.google.com/recaptcha/ www.googletagmanager.com www.youtube.com/embed/ *.doubleclick.net www.youtube-nocookie.com/embed/; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlesyndication.com *.g.doubleclick.net *.google.com *.google.cz *.cookiehub.net *.hotjar.io *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com wss://*.smartsupp.com *.facebook.com *.smartlook.cloud; frame-src www.google.com www.youtube.com www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cookiehub.net *.smartsuppcdn.com *.cookiehub.eu; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com *.g.doubleclick.net c.seznam.cz *.cookiehub.net *.cookiehub.eu *.google-analytics.com *.googleapis.com *.smartsuppchat.com *.smartsuppcdn.com *.hotjar.com *.facebook.net *.smartlook.com; im
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy
same-origin; report-to="default"
cross-origin-embedder-policy
unsafe-none; report-to="default"
cross-origin-resource-policy
same-origin

Links to (16)

Linked from (7)