indexo.dev

haikko.fi

.fi crawl

First seen 2026-06-03 · Last seen 2026-06-04 · ok HTTP/1.1 200 413 ms crawled 2026-06-03

US · 216.150.1.193 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Haikko - Kartano & Kylpylähotelli Haikko | Porvoo
Language
fi

Open Graph

title
Haikko - Kartano & Kylpylähotelli Haikko | Porvoo

Technology

CDN
Vercel
CMS
Next.js
Analytics
  • Google Tag Manager
Social widgets
  • Vimeo Embed

Third-party hosts loaded (2)

  • player.vimeo.com×1
  • www.googletagmanager.com×1

Social

Registration

Created
1997-07-01
Name servers
  • ns2-usa.global.sonera.net [ok]
  • ns1-fin.global.sonera.fi [193.210.18.31] [2001:2060:ffdd:a01::53] [ok]
  • ns1-swe.global.sonera.se [ok]
  • ns2-fin.global.sonera.fi [195.156.148.158] [2001:2060:ffdd:a02::53] [ok]

DNS records live

NS
  • ns1-fin.global.sonera.fi
  • ns1-swe.global.sonera.se
  • ns2-fin.global.sonera.fi
  • ns2-usa.global.sonera.net
MX
  • 0 haikko-fi.mail.protection.outlook.com
Verified for
  • Google
  • Microsoft 365

Email authentication strong

SPF
v=spf1 ip4:130.61.9.164 ip4:130.61.65.155 ip4:130.61.64.168 ip4:130.61.8.226 ip4:130.61.15.8 ip4:130.61.13.224 ip4:37.233.94.174 ip4:212.27.79.46 include:_spf.anpdm.com include:spf.protection.outlook.com include:hubspotemail.net include:amazonses.com include:posti.saas.cldpart.net include:_spf.smtp.mpynet.fi include:_spf.smtp-out.mpynet.fi include:_spf.yritysnet.fi include:spf.dlgc.eu -all
strict (-all)
DMARC
v=DMARC1; p=reject; rua=mailto:mailauth-reports@haikko.fi
policy: reject (enforced)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0NLnkTV+70KWzsis2UgSr3JFajLnu8haXfdYxTVMZ7SNd71QxKsYKQtuSh8mnUOR79GggCUtBk/9Hm…
selectors probed

Certificate (current)

R12
from 2026-04-26 to 2026-07-25
Expires in 50 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.haikko.fi/fi

present
  • strict-transport-security
  • content-security-policy
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing Permissions Policy
Header values
referrer-policy
origin-when-cross-origin
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://resource.humm.fi/laplandhotels.js https://api.livechatinc.com https://cdn.livechatinc.com/tracking.js https://*.cookiebot.eu https://*.cookiebot.com https://app.storyblok.com/f/storyblok-v2-latest.js https://*.adform.net https://connect.facebook.net https://adsrvr.org https://*.adsrvr.org https://snap.licdn.com https://acdn.adnxs.com/dmp/up/pixie.js https://www.youtube.com https://www.youtube.com/iframe_api https://player.vimeo.com https://f.vimeocdn.com https://vod-progressive.akamaized.net https://api.custobar.com https://eu2.snoobi.com https://plugins.flockler.com https://*.leadoo.com https://s.pinimg.com/ct/; style-src 'self' 'unsafe-inline' *.leadoo.com; img-src 'self' blob: data: https://a.storyblok.com https://media-api.flockler.com https://social-proxy.flockl
strict-transport-security
max-age=31536000; includeSubDomains; preload

Links to (9)

Linked from (2)