indexo.dev

crosscountryapp.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 11022 ms crawled 2026-05-19

US · 52.5.237.8 · AS14618 Amazon.com, Inc.

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
CrossCountry App | CrossCountry App
Description
CrossCountry App helps event riders memorise their courses and ride to time. Map your course with GPS, automatically calculate your minute markers.
Canonical
https://www.crosscountryapp.com/

Technology

Server
nginx

Social

Registration

Registrar
Netregistry Wholesale Pty Ltd
Created
2011-09-18
Expires
2026-09-18 121 days left
Updated
2024-05-24
Name servers
  • ns1.syd5.hostyourservices.net
  • ns2.syd5.hostyourservices.net

DNS records live

NS
  • ns1.syd5.hostyourservices.net
  • ns2.syd5.hostyourservices.net
MX
  • 0 mail.crosscountryapp.com
TXT
  • google-site-verification=UDvTJeAqIl18-1GokcVVi4NfAO9bejf8ppiAInzJ4Tc
  • stripe-verification=1c648adddd909d9f30a344b8ad36c1d7bad4157b3b3e0108182b18e064959a55
  • sendinblue-code:fd1ebeb963df335dceb7de6543122bf8

Email authentication strong

SPF
v=spf1 ip4:43.250.142.73 +a +mx include:spf.hostyourservices.net include:spf.sendinblue.com mx ~all
softfail (~all)
DMARC
v=DMARC1;p=quarantine;sp=quarantine;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400;rua=mailto:dmarc@crosscountryapp.com;ruf=mailto:dmarc@crosscountryapp.com
policy: quarantine · sp=quarantine
DKIM
  • k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
  • mail: k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…
selectors probed

Certificate (current)

E7
from 2026-05-07 to 2026-08-05
Expires in 78 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.crosscountryapp.com/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
script-src 'self' piwik.crosscountryapp.com; style-src 'self' 'unsafe-inline'; img-src *; media-src *; font-src 'self'; child-src www.youtube.com; object-src 'none';

Links to (5)

Linked from (5)