gorilla-auto.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 1366 ms crawled 2026-05-18

US · 151.101.65.124 · AS54113 Fastly, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: The Industry Leader for Automotive Accessories | Gorilla Automotive
Description: Protecting the world's finest wheels.
Language: en
Canonical: https://www.gorilla-auto.com/

Open Graph

url: https://www.gorilla-auto.com/
title: Gorilla Auto | Home

Technology

CMS: Gatsby

Analytics

Google Tag Manager

Third-party hosts loaded (3)

rum.hlx.page×1
static.klaviyo.com×1
www.googletagmanager.com×1

Social

Contact

Phone

800-262-6267

Registration

Registrar

GoDaddy.com, LLC

Created

1998-08-21

Expires

2026-08-20 92 days left

Updated

2022-09-07

Name servers

ns49.domaincontrol.com
ns50.domaincontrol.com

DNS records live

NS

ns49.domaincontrol.com
ns50.domaincontrol.com

MX

10 us-smtp-inbound-1.mimecast.com
20 us-smtp-inbound-2.mimecast.com

TXT

Show 8 TXT records

MS=ms76564692
knowbe4-site-verification=b97c6e2d31b87271ebbf65215f979d54
google-site-verification=HrBLQhMKySfiYg5YDpaoQey10Q2IF2bIDIn9ZsO5q8A
0ed1fe018aa1593ca472044286ab9f02049c6402d7
klaviyo-site-verification=Ub3jMn
Responsible Party: staff@netvolution.com
proxy-ssl.webflow.com
MS=ms86898929

Email authentication partial

SPF: v=spf1 ip4:50.204.166.50 include:_netblocks.mimecast.com include:spf.protection.outlook.com include:_spf.sendergen.com -all
strict (-all)
DMARC: v=DMARC1; p=none
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-05-15 to 2026-08-13

Expires in 86 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.gorilla-auto.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.typekit.net *.audioeye.com cdn.shopify.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'self' 'unsafe-inline'; frame-ancestors *.googletagmanager.com *.gstatic.com *.jst.ai ajax.googleapis.com *.affirm.com *.launchdarkly.com connect.facebook.net *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws 'self'; frame-src f
strict-transport-security: max-age=31536000

Links to (6)

Linked from (1)

wheelpros.com×4