indexo.dev

disneygiftcard.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-09 · ok HTTP/1.1 200 3284 ms crawled 2026-05-18

US · 99.83.153.59 · AS16509 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
HOME
Language
en

Technology

Cookie consent
  • OneTrust

Third-party hosts loaded (2)

  • cdn.cookielaw.org×1
  • go4.disney.go.com×1

Registration

Registrar
CSC Corporate Domains, Inc.
Created
2005-09-17
Expires
2026-09-17 120 days left
Updated
2025-08-18
Name servers
  • ns-1503.awsdns-59.org
  • ns-162.awsdns-20.com
  • ns-1810.awsdns-34.co.uk
  • ns-698.awsdns-23.net

DNS records live

NS
  • ns-1503.awsdns-59.org
  • ns-162.awsdns-20.com
  • ns-1810.awsdns-34.co.uk
  • ns-698.awsdns-23.net
MX
  • 10 generalsmtp.disney.com
TXT
  • 5F5D-E96A-914D-1471-BBC3-F9A0-A9F5-04E9

Email authentication partial

SPF
v=spf1 include:woc.spf.go.com include:_spf.sparkpostmail.com -all
strict (-all)
DMARC
v=DMARC1; p=none; fo=1; rua=mailto:Corp.Dmarc_RUA@disney.com; ruf=mailto:Corp.Dmarc_RUF@disney.com
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

Amazon RSA 2048 M04
from 2025-10-15 to 2026-11-14
Expires in 178 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://www.disneygiftcard.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
content-security-policy
default-src 'self' https://*.disney.com https://*.wdprapps.disney.com https://*.google.com https://*.gstatic.com https://*.go.com localhost:* p11.techlab-cdn.com; frame-src 'self' https://*.go.com http://*.go.com *.disney.com:* *.google.com:* *.gstatic.com:* localhost:* *.demdex.net assets.adobedtm.com *.clicktale.net s.amazon-adsystem.com *.bluekai.com *.doubleclick.net *.facebook.com *.flashtalking.com *.snapchat.com *.tamgrt.com *.adsrvr.org; img-src 'self' * data: *.akstat.io *.clicktale.net *.contentsquare.net *.google-analytics.com *.googletagmanager.com *.cookielaw.org www.google.com px.ads.linkedin.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' data: *.disney.com:* localhost:* *.go.com:* *.google.com:* *.gstatic.com:* *.wdpromedia.com assets.adobedtm.com www.googletagmanager.com *.demdex.net *.tt.omtrdc.net *.go-mpulse.net *.clicktale.net *.contentsquare.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.apptentive.com bat.bing.com *
strict-transport-security
max-age=31536000; includeSubDomains

Linked from (2)