geronimostilton.com

.com crawl

First seen 2026-05-27 · Last seen 2026-05-27 · ok · HTTP/1.1 200 · 263 ms · crawled 2026-05-30

IE · 52.50.175.82 · AS16509 Amazon.com, Inc.

Reputation 77/100 · multiple SPF records · no DMARC policy

sector: entertainment · type: homepage

HTML metadata

Title
Geronimo Stilton World | Official Website
Description
Dear friends, welcome to the new fabumouse website of Geronimo Stilton! Go on a cheddarific adventure with Geronimo and all of his friends: a world of games and activities is waiting for you!
Language
it

Technology

Server
Apache
jQuery
1.3 · known XSS (<3.5)

Third-party hosts loaded (4)

  • ajax.googleapis.com ×1
  • code.createjs.com ×1
  • plus.google.com ×1
  • www.google.com ×1

Registration

Registrar
Register SPA
Created
2000-04-18
Expires
2027-04-18 · 321 days left
Updated
2026-04-19
Name servers
  • ns1.register.it
  • ns2.register.it

DNS records live

NS
  • ns1.register.it
  • ns2.register.it
MX
  • 10 mail.register.it
Verified for
  • Google

Email authentication weak

SPF
v=spf1 include:servers.mcsv.net ?all
neutral (?all) · multiple SPF records
DMARC
not published
DKIM
  • default: v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXt5BQdj6pWHG4f8Fai70YXks1cUULaqB1xR1Fq+XQfKEoDM49ZLFV0GKv6wMZilmvNpPRkHdBlxxAP…
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
selectors probed

Certificate (current)

E7
from 2026-04-10 to 2026-07-09
Expires in 38 days

HTTP security headers

Header hygiene 90/100 · Checked live page: https://geronimostilton.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=(self)
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
strict-transport-security
max-age=63072000; includeSubDomains

Linked from (1)