indexo.dev

gupy.io

.io toplist crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 1173 ms crawled 2026-05-18

US · 3.164.240.111 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Gupy | Impulsione o seu RH
Description
A Gupy é uma plataforma completa para contratar, recrutar, treinar e engajar a seu time de forma simples em uma jornada única e digital.
Language
pt-br
Generator
HubSpot
Canonical
https://www.gupy.io
Translations
  • en
  • es
  • pt-br

Open Graph

url
https://www.gupy.io
title
Gupy | Impulsione o seu RH
description
A Gupy é uma plataforma completa para contratar, recrutar, treinar e engajar a seu time de forma simples em uma jornada única e digital.

Technology

CDN
Cloudflare

Third-party hosts loaded (3)

  • cdn.privacytools.com.br×1
  • dc.ads.linkedin.com×1
  • js.hsforms.net×1

Social

Contact

Address
Avenida Paulista, 1079, 01311-200, São Paulo, SP, BR

DNS records live

NS
  • karsyn.ns.cloudflare.com
  • lars.ns.cloudflare.com
MX
  • 10 mx364.umbler.com
  • 20 mx128.umbler.in
  • 30 mx783.umbler.com.br
  • 40 mx240.umbler.co.uk
TXT
Show 8 TXT records
  • privacytools-domain-verification=bd4e2b3f1f3e7fad2762498550b13a35ac929f0a66d959b0ff96f9bf048ed7c4
  • 1password-site-verification=76HVG2F5KRCBVOJXSXUAKXGJ5M
  • ca3-0e40b8abb8a64f4f88e998f0fa8cf0b2
  • facebook-domain-verification=urlcld2dyhvnhvxq3gzacqu38ikdf9
  • google-site-verification=W5jRp4pGAXyeus94lFetnt1Hk5GWIfJL_-Syan58e20
  • google-site-verification=ZjhFcFqhGuxRJrrjBjNMDfyQIHdl1xII3bOGOtNp5dU
  • google-site-verification=oBdfkLra6pmoEdeAfqIAoYOWpMy9dvz-9eluCy8WIPA
  • google-site-verification=vPIuW64NFL9aWf_Y1vYbr5qPyfBFB65prhgF7aacnDM

Email authentication partial

SPF
v=spf1 include:spf.umbler.com -all
strict (-all)
DMARC
v=DMARC1; p=quarentine; rua=mailto:seguranca@gupy.com.br;
no policy tag
DKIM
no key found at common selectors

Certificate (current)

Amazon RSA 2048 M04
from 2026-01-21 to 2027-02-19
Expires in 275 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://gupy.io/

present
  • strict-transport-security
  • content-security-policy
  • content-security-policy-report-only
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), autoplay=(self), battery=(), camera=(self), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(self), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.youtube.com snap.licdn.com static.hotjar.com plugin.handtalk.me unpkg.com *.hubspot.net cdnjs.cloudflare.com www.gstatic.com script.hotjar.com www.google.com try.abtasty.com static.hotjar.com code.jquery.com googleads.g.doubleclick.net www.google-analytics.com www.clarity.ms ajax.googleapis.com cdn.cookielaw.org connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com plugin.handtalk.me px.ads.linkedin.com snap.licdn.com *.hsappstatic.net unpkg.com *.hubspot.com *.hubspotusercontent-na1.net cdn.jsdelivr.net *.cloudfront.net *.bing.com *.albacross.com *.privacytools.com.br *.linkedin.com *.googletagmanager.com www.gupy.io *.gupy.io; style-src 'self' 'unsafe-inline' static.hsappstatic.net *.hubspot.net cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.cookielaw.org *.hubspotuse
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy-report-only
default-src 'self'; object-src 'none'; script-src 'self' *.hubspot.com *.hubspotusercontent-na1.net cdn.jsdelivr.net adsplay.com.br www.chatbase.co platform.twitter.com static.addtoany.com cdn.socket.io cdn.datatables.net *.cloudfront.net *.airtable.com www.googleadservices.com bat.bing.com *.albacross.com www.youtube.com snap.licdn.com static.hotjar.com cdn.privacytools.com.br plugin.handtalk.me unpkg.com *.hubspot.net cdnjs.cloudflare.com www.gstatic.com script.hotjar.com www.google.com *.storylane.io try.abtasty.com code.jquery.com googleads.g.doubleclick.net www.google-analytics.com www.clarity.ms ajax.googleapis.com cdn.cookielaw.org *.facebook.net js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.hubspot.com app.hubspot.com js.usemessages.com *.linkedin.com static.hsappstatic.net www.googletagmanager.com www.gupy.io sibforms.com; style-src 'self' 'unsafe-inline' *.gupy.io *.hubspot.com *.hsappstatic.net *.hubspot.n

Links to (3)

Linked from (16)