indexo.dev

glossybox.co.uk

.uk crawl

First seen 2026-05-30 · Last seen 2026-05-31 · ok HTTP/1.1 200 797 ms crawled 2026-05-31

DE · 146.75.117.91 · AS54113 Fastly, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
GLOSSYBOX: The UK's Most Trusted Beauty Box
Description
Treat yourself to a GLOSSYBOX Beauty Box. Discover 5 amazing beauty products worth over £50 delivered to your door every month.
Language
en
Generator
Astro v5.15.8
Canonical
https://www.glossybox.co.uk/
Translations
  • en ×2

Open Graph

url
https://www.glossybox.co.uk/
title
GLOSSYBOX: The UK's Most Trusted Beauty Box
site name
Glossybox

Technology

CDN
Cloudflare
Analytics
  • Google Tag Manager
Cookie consent
  • OneTrust
Fonts
  • Google Fonts

Third-party hosts loaded (5)

  • fonts.googleapis.com×3
  • cdn.cookielaw.org×2
  • www.googletagmanager.com×2
  • fonts.gstatic.com×1
  • www.glossybox.ie×1

Social

DNS records live

NS
  • dns1.p05.nsone.net
  • dns2.p05.nsone.net
  • dns3.p05.nsone.net
  • dns4.p05.nsone.net
  • ns01.thg-ns.net
  • ns02.thg-ns.net
  • ns03.thg-ns.net
  • ns04.thg-ns.net
MX
  • 5 eu-smtp-inbound-1.mimecast.com
  • 5 eu-smtp-inbound-2.mimecast.com
TXT
Show 4 TXT records
  • snc0lqngvrcvrs5346n4t8ccg9tfxqgn
  • fastly-domain-delegation-764852-2024514
  • 0ed1fe018ab3ba91eb24d54272af426b60a6cf71f2
  • l2k40xfwf71p3d667lj8xdpnvs3dj53l
Verified for
  • Atlassian
  • Google
  • Microsoft 365

Email authentication partial

SPF
v=spf1 include:spf.mandrillapp.com ip4:31.177.16.96/27 include:eu._netblocks.mimecast.com -all
strict (-all)
DMARC
v=DMARC1; p=none; adkim=r; aspf=r; rua=mailto:dmarc-feedback@glossybox.de; ruf=mailto:dmarc-forensic@glossybox.de; rf=afrf; pct=100;
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

R13
from 2026-05-26 to 2026-08-24
Expires in 84 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.glossybox.co.uk/

present
  • strict-transport-security
  • content-security-policy
findings
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
child-src 'self' https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://app-dev.pogodonate.com https://app.pogodonate.com https://apps.rokt.com https://sgtm.glossybox.co.uk https://*.ringcentral.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://ln-rules.rewardstyle.com blob: https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com https://*.awin1.com https://*.zenaps.com https://lantern.roeye.com; connect-src 'self' https://a
strict-transport-security
max-age=31536000; includeSubDomains; preload

Links to (8)

Linked from (1)