duolaval.com

.com crawl

First seen 2026-04-21 · Last seen 2026-05-14 · ok HTTP/1.1 200 3015 ms crawled 2026-05-14

US · 108.156.22.128 · AS16509 Amazon.com, Inc.

Reputation 92/100 no dmarc policy

sector other type homepage

HTML metadata

Title

DUO Centre Laval et Quartier Laval - DUO

Description

DUO is a shopping centre located in the heart of Laval! Home to a varied range of stores and services including the biggest names in retail, such as The Brick, Best Buy, The Bay, and Sports Experts, just to name a few. Find all of your favourite stores in one convenient place; Discover DUO!

Language

en-ca

Canonical

https://duolaval.com/en

Translations

en-ca
fr-ca

Open Graph

url: https://duolaval.com/en
locale: en_ca
site name: DUO
description: DUO is a shopping centre located in the heart of Laval! Home to a varied range of stores and services including the biggest names in retail, such as The Brick, Best Buy, The Bay, and Sports Experts, just to name a few. Find all of your favourite stores in one convenient place; Discover DUO!

Technology

CDN: Amazon CloudFront
Server: nginx

Third-party hosts loaded (2)

cms-images.cominar.com×28
www.facebook.com×1

Social

Contact

Phone

4506872150

Address

1600 Boul. le CorbusierLaval, QC H7S 1Y9, Canada

Registration

Registrar

Amazon Registrar, Inc.

Created

2019-08-26

Expires

2026-08-26 98 days left

Updated

2026-05-13

Name servers

ns-1217.awsdns-24.org
ns-1596.awsdns-07.co.uk
ns-849.awsdns-42.net
ns-85.awsdns-10.com

DNS records live

NS

ns-1217.awsdns-24.org
ns-1596.awsdns-07.co.uk
ns-849.awsdns-42.net
ns-85.awsdns-10.com

MX

10 mx2.cominar.com
20 mx1.cominar.com

TXT

google-site-verification=VMYZt_HwEtM_48XowamDmiW6QHqzhSegHmveA8s2U0E
VMYZt_HwEtM_48XowamDmiW6QHqzhSegHmveA8s2U0E

Email authentication weak

SPF: v=spf1 -all
strict (-all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

Amazon RSA 2048 M04

from 2026-04-02 to 2026-10-17

Expires in 150 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://duolaval.com/en

present

strict-transport-security
content-security-policy-report-only
x-frame-options
x-content-type-options

findings

missing Content Security Policy
weak frame protection
weak content type protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubdomains;, max-age=31536000; includeSubdomains;
content-security-policy-report-only: default-src 'none'; script-src 'self' https://www.googletagmanager.com https://connect.facebook.net https://maps.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net; connect-src 'self' https://sentry.io https://formspree.io *.amazonaws.com https://www.googletagmanager.com https://cms.cominar.com https://cms-assets.cominar.com https://cms-images.cominar.com; img-src 'self' data: https://www.facebook.com https://*.cdninstagram.com https://maps.googleapis.com https://maps.gstatic.com https://*.typekit.net https://cms-assets.cominar.com https://cms-images.cominar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net; media-src 'self' *.amazonaws.com; frame-ancestors 'self'; frame-src 'none'; form-action 'self' *.list-manage.com; script-src-elem 'self' https://maps.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net;