indexo.dev

fdr-risk.com

.com crawl

First seen 2026-05-28 · Last seen 2026-05-28 · ok HTTP/1.1 200 1502 ms crawled 2026-05-30

US · 99.83.234.29 · AS16509 Amazon.com, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
FDR | Turning risks into smart solutions
Description
FDR is a global maritime insurance broker in Rotterdam, delivering tailored risk and insurance solutions for shipping and marine businesses.
Language
en-US
Generator
WordPress 6.9.1
Canonical
https://fdr-risk.com/
Translations
  • en
  • nl

Open Graph

url
https://fdr-risk.com/
title
FDR | Turning risks into smart solutions
locale
en_US
site name
FDR
description
FDR is a global maritime insurance broker in Rotterdam, delivering tailored risk and insurance solutions for shipping and marine businesses.

Technology

Server
nginx
CMS
WordPress 6.9.1
jQuery
3.7.1
Analytics
  • Google Tag Manager
Fonts
  • Google Fonts

Third-party hosts loaded (6)

  • 23g-sharedhosting-fdr.s3.eu-west-1.amazonaws.com×13
  • www.googletagmanager.com×3
  • fonts.googleapis.com×2
  • consent.23g.io×1
  • fonts.gstatic.com×1
  • www.google.com×1

Social

Contact

Email
Phone
Address
Veerhaven 143016 CJ Rotterdam, The Netherlands

Registration

Registrar
Key-Systems GmbH
Created
2022-09-01
Expires
2026-09-01 92 days left
Updated
2025-11-27
Name servers
  • ns0.transip.net
  • ns1.transip.nl
  • ns2.transip.eu

DNS records live

NS
  • ns0.transip.net
  • ns1.transip.nl
  • ns2.transip.eu
MX
  • 0 fdrrisk-com0i.mail.protection.outlook.com
TXT
  • mandrill_verify.JouQS6xNpFrr4K_3nE3F3w
Verified for
  • Microsoft 365

Email authentication weak

SPF
v=spf1 include:spf.protection.outlook.com include:spf.mandrillapp.com include:_spf.salesforce.com -all
strict (-all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

Amazon RSA 2048 M01
from 2025-11-25 to 2026-12-25
Expires in 207 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://fdr-risk.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
same-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), battery=(), camera=(), clipboard-read=(), clipboard-write=(), conversion-measurement=(), cross-origin-isolated=(), direct-sockets=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), focus-without-user-activation=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-autofill=(), speaker-selection=(), storage-access-api=(), sync-script=(), sync-xhr=(), trust-token-redemption=(), usb=(), vertical-scroll=(), wake-lock=(), web-share=(), window-placement=(), xr-spatial-tracking=()
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.tidiochat.com;img-src 'self' 'unsafe-inline' *.amazonaws.com s.w.org *.facebook.com *.facebook.net *.reddit.com *.gravatar.com *.google.com *.google.nl *.hsforms.com *.hubspot.com *.google-analytics.com *.googletagmanager.com *.vimeocdn.com *.ytimg.com *.linkedin.com data:;style-src 'self' 'unsafe-inline' *.typeform.com *.googleapis.com;font-src 'self' 'unsafe-inline' *.gstatic.com data:;frame-src 'self' 'unsafe-inline' *.facebook.com *.typeform.com *.google.com *.youtube.com *.vimeo.com *.hsappstatic.net *.hubspot.com *.buzzsprout.com *.googletagmanager.com;media-src 'self' 'unsafe-inline' *.amazonaws.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tidio.co *.tidiochat.com *.facebook.net *.redditstatic.com *.hsadspixel.net *.buzzsprout.com *.typeform.com *.google.com *.google-analytics.com *.23g.io *.licdn.com *.googletagmanager.com *.gstatic.com *.youtube.com *.vimeo.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *
strict-transport-security
max-age=31536000; includeSubDomains

Links to (2)

Linked from (1)