cottonbird.es

.es crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 4011 ms crawled 2026-05-19

FR · 51.68.49.216 · AS16276 OVH SAS

Reputation 94/100 dmarc monitor-only

sector other type homepage

HTML metadata

Title: Cotton Bird
Language: es
Canonical: https://www.cottonbird.es//

Technology

Server: nginx

Analytics

Google Tag Manager

Third-party hosts loaded (2)

www.google.com×1
www.googletagmanager.com×1

Social

Contact

Phone

+34 919 03 36 08

DNS records live

NS

ns4.makolab.pl
panel6-dns.makolab.pl

MX

10 pmg.makolab.pl

TXT

klaviyo-site-verification=RPQFUE

Verified for

Google

Email authentication partial

SPF: v=spf1 a mx a:cottonbird.es ip4:193.239.137.24 ip4:193.28.230.254 include:mail.zendesk.com include:amazonses.com include:sendgrid.net ~all
softfail (~all)
DMARC: v=DMARC1; p=none; rua=mailto:rua@cottonbird.es; ruf=mailto:ruf@cottonbird.es; rf=afrf; fo=1:d:s; adkim=r; aspf=r
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

E7

from 2026-04-28 to 2026-07-27

Expires in 68 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.cottonbird.es/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
weak frame protection
missing Permissions Policy

Header values

referrer-policy: same-origin
x-frame-options: sameorigin, DENY
x-content-type-options: nosniff
content-security-policy: default-src https: wss: blob: 'unsafe-eval' 'unsafe-inline' data:; object-src 'self'; img-src blob: http: https: data:; base-uri 'self';
strict-transport-security: max-age=3155760000;

Links to (9)

Linked from (2)

cottonbird.fr×4
cottonbird.de×3