indexo.dev

cresa.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-11 · ok HTTP/1.1 200 2039 ms crawled 2026-05-09

US · 20.119.128.17 · AS8075 Microsoft Corporation

Reputation 100/100

Classifying

HTML metadata

Title
Cresa | Commercial Real Estate Advisory for Occupiers
Description
World's largest occupier only commercial real estate company
Language
en
Canonical
https://www.cresa.com/
Translations
  • en
  • fr-fr

Technology

CDN
Cloudflare
Analytics
  • Google Tag Manager
Social widgets
  • Vimeo Embed

Third-party hosts loaded (4)

  • ajax.googleapis.com×1
  • cdnjs.cloudflare.com×1
  • player.vimeo.com×1
  • www.googletagmanager.com×1

Social

Contact

Phone

Registration

Registrar
Squarespace Domains LLC
Created
1995-10-16
Expires
2026-10-15 149 days left
Updated
2025-09-30
Name servers
  • ns1-05.azure-dns.com
  • ns2-05.azure-dns.net
  • ns3-05.azure-dns.org
  • ns4-05.azure-dns.info

DNS records live

NS
  • ns1-05.azure-dns.com
  • ns2-05.azure-dns.net
  • ns3-05.azure-dns.org
  • ns4-05.azure-dns.info
MX
  • 10 us-smtp-inbound-1.mimecast.com
  • 10 us-smtp-inbound-2.mimecast.com
TXT
  • smartsheet-site-validation=QeA233fICVTUK8oOhaNO_UClKIUGK5wL

Email authentication strong

SPF
v=spf1 include:us._netblocks.mimecast.com include:spf.protection.outlook.com include:_spf.salesforce.com include:_spf.act-on.net ~all
softfail (~all)
DMARC
v=DMARC1; p=quarantine
policy: quarantine
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiFPFY10VqU9oN/DMf5vkoz9cOimxKnid/MM3Rd92e5596ioq8hlkzL0Oew8wnU0OWolxIrTxn+bQz…
  • selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvT+5mQulI9DEY8k6BMFZYgID4441Mdw1l7GGbITEeItNx7tlcl5/q4V9xhmtbl13H8QPLuv7sODD+o…
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
selectors probed

Certificate (current)

DigiCert Global G2 TLS RSA SHA256 2020 CA1
from 2025-06-10 to 2026-07-10
Expires in 52 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 50/100 Checked live page: https://www.cresa.com/

present
  • content-security-policy
  • x-frame-options
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
content-security-policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cresa.com *.cloudflare.com *.licdn.com static.oktopost.com marketing.cresa.com *.cresa.com vimeo.com player.vimeo.com z.moatads.com m.addthis.com v1.addthisedge.com s7.addthis.com maps.googleapis.com ajax.googleapis.com *.googletagmanager.com cdnjs.cloudflare.com *.google-analytics.com unpkg.com edge.addthis.com www.google.com www.gstatic.com *.addtoany.com *.zi-scripts.com *.zoominfo.com *.clickagy.com; connect-src 'self' px.ads.linkedin.com vimeo.com player.vimeo.com marketing.cresa.com *.cresa.com m.addthis.com api-public.addthis.com *.google-analytics.com stats.g.doubleclick.net www.mocky.io *.googleapis.com *.zi-scripts.com *.zoominfo.com *.clickagy.com *.cloudflare.com; img-src 'self' data: developers.google.com www.google-analytics.com maps.googleapis.com maps.gstatic.com marketing.cresa.com *.cresa.com vimeo.com player.vimeo.com *.zi-scripts.com *.zoominfo.com *.clickagy.com px.ads.linkedin.com; style-src 'se

Links to (5)

Linked from (4)