indexo.dev

firstcardonline.com

.com crawl

First seen 2026-05-28 · Last seen 2026-05-31 · ok HTTP/1.1 200 599 ms crawled 2026-05-31

FI · 158.233.250.69 · AS201271 Nordea Bank Abp

Reputation 100/100

Classifying

HTML metadata

Title
First Card — get more time for what matters
Description
First Card gives you more time for what matters to your business through smart payments and simplified administration
Language
en-US
Canonical
https://www.firstcardonline.com
Translations
  • sv ×2
  • da
  • en
  • fi
  • no

Open Graph

url
https://www.firstcardonline.com
title
First Card — get more time for what matters
description
First Card gives you more time for what matters to your business through smart payments and simplified administration

Technology

CDN
Vercel
CMS
Next.js

Third-party hosts loaded (1)

  • policy.cookiereports.com×1

Registration

Registrar
CSC Corporate Domains, Inc.
Created
2018-01-31
Expires
2027-01-31 244 days left
Updated
2026-01-27
Name servers
  • ns0.nordea.com
  • ns1.nordea.com
  • ns2.nordea.com
  • spdns3.cscdns.net

DNS records live

NS
  • ns0.nordea.com
  • ns1.nordea.com
  • ns2.nordea.com
  • spdns3.cscdns.net

Email authentication no MX

SPF
not published
DMARC
v=DMARC1; p=reject; fo=1; ri=3600; rua=mailto:nordea@rua.agari.com; ruf=mailto:nordea@ruf.agari.com
policy: reject (enforced)
DKIM
no key found at common selectors

Certificate (current)

DigiCert SHA2 Secure Server CA
from 2019-03-27 to 2020-03-27
Expired 2257 days ago

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.firstcardonline.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • missing Permissions Policy
Header values
referrer-policy
no-referrer
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self'; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; style-src 'self' 'unsafe-inline' https:; connect-src 'self' https:; frame-src 'self' https:; media-src 'self' https:; font-src 'self' https:; frame-ancestors 'self'
strict-transport-security
max-age=63072000; includeSubDomains; preload