indexo.dev

hallmark.com

.com crawl dns

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 3404 ms crawled 2026-05-18

US · 23.205.249.183 · AS20940 Akamai International B.V.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Hallmark Greeting Cards, Gifts, Ornaments, Home Decor & Gift Wrap | Hallmark
Description
Shop Hallmark for the biggest selection of greeting cards, Christmas ornaments, gift wrap, home decor and gift ideas to celebrate holidays, birthdays, weddings and more.
Language
en
Canonical
https://www.hallmark.com/
Translations
  • en-au
  • en-ca
  • en-gb
  • en-us
  • fr-ca
  • ja-jp
  • nl-be
  • nl-nl

Open Graph

url
https://www.hallmark.com/
title
Hallmark Greeting Cards, Gifts, Ornaments, Home Decor & Gift Wrap | Hallmark
site name
Hallmark OneSite
description
Shop Hallmark for the biggest selection of greeting cards, Christmas ornaments, gift wrap, home decor and gift ideas to celebrate holidays, birthdays, weddings and more.

Technology

CDN
Cloudflare
Analytics
  • Cloudflare Insights
Cookie consent
  • OneTrust
Third-party hosts loaded (11)
  • www.hallmark.ca×2
  • assets.adobedtm.com×1
  • cdn.cookielaw.org×1
  • cdn.cquotient.com×1
  • hallmark.co.uk×1
  • hallmark.com.au×1
  • nl.hallmark.be×1
  • static.cloudflareinsights.com×1
  • www.google.com×1
  • www.hallmark.jp×1
  • www.hallmark.nl×1

Social

Registration

Registrar
Nom-iq Ltd. dba COM LAUDE
Created
1994-09-13
Expires
2026-09-12 115 days left
Updated
2025-08-13
Name servers
  • auth00.ns.uu.net
  • auth100.ns.uu.net
  • ns1.hallmark.com
  • ns2.hallmark.com

DNS records live

NS
  • auth00.ns.uu.net
  • auth100.ns.uu.net
  • ns1.hallmark.com
  • ns2.hallmark.com
MX
  • 10 mx1.hc2388-90.iphmx.com
TXT
Show 41 TXT records
  • apple-domain-verification=yfxBJu7cC9FxAjR4
  • pexip-ms-tenant-domain-verification=4af6974d-40a4-47c6-a90f-06c291bd6971
  • klaviyo-site-verification=UfnqXE
  • _globalsign-domain-verification=x2_hJLbuYkmOFGrAV5NhK8_F9QdnJPDOCaL8QNeQjH
  • atlassian-domain-verification=ziiGsHvXJGYqcAyAw1RdxqksmNyE3vfRXvRX4UyL8Yt7+14k2jmWA/8xBS1To+b8
  • globalsign-domain-verification=ab3002b5395ca2558e897d7766940b74
  • liveramp-site-verification=oUHYFCFdfZCSMvgzXs7CHfy-X38NE_--JR-Wf0EEiYY
  • _globalsign-domain-verification=VDECJl0iqH2E6b0px-fxeiLRInC8t6J-5MCYIV-q8M
  • apple-domain-verification=uD2nZWjM5eBvqS4j
  • llp8qqxwddsrf4t38mnh1jqwp9dqb9np
  • _globalsign-domain-verification=3wSymSUDou2tTDCex9e08G_lHdlnJkZo8SV3bnnWoC
  • a226309d-f516-4353-afa8-edda2c913610
  • globalsign-domain-verification=11465675D5E7C45894B18A0B6A34E920
  • 6de9a1c6-5023-4fd8-b980-1456580a4168
  • globalsign-domain-verification=9c14f45b561d9819919a358352499d5b
  • v=verifydomain MS=ms28902027
  • globalsign-domain-verification=bcb6d6b810b9ccd2fcc49d30809faf5a
  • 86506ba9-bb12-46fd-840d-f9f9ed0ab226
  • facebook-domain-verification=3wouoflp82o0kv98s2k8jyruonb2m0
  • globalsign-domain-verification=4F6A9DCDC9CC1831DA6E85DB1CA36A9D
  • miro-verification=51ba24a78dca83e949512c311468618801b424d6
  • docker-verification=243ca4c7-1c2e-4556-8c83-a23f038a5486
  • 2rbypjhl9tshswsrlfd6flqdc2xd0xqs
  • google-site-verification=NOzWw2wWG0MLL8kncjLZvsAyHoedrAcM--SAwOcu4Rw
  • globalsign-domain-verification=65A259D3D1E4EBF10A7AED3437F6EC3C
  • apple-domain-verification=gurDy3KRICtnEQ40
  • smartsheet-site-validation=Y7cdbbBwDxuSOUNwlAaP33ZaYhJ9_DFX
  • jamf-site-verification=JPgxZo1o3_gfloUTBIQ_3A
  • smartsheet-site-validation=KqRbWiWsyxn_zOax8btP-n6ZvZeHgEV4
  • globalsign-domain-verification=AB41085DD479D26B12F7F8379389138C
  • a/ozQVYuMSiqlbHxNClYDhH6jh3mfghp9IZ7lxGgaBUrekirCFomhv9WgLjefS9FYoxwHNc5h05F8kRJRK+/3A==
  • globalsign-domain-verification=ee6cf43e9d444e1b14455a1802b8866a
  • x5hytuw.x.incapdns.net
  • canva-site-verification=LrzlUo_01R-V9dBOFE6dcQ
  • docusign=b457f0db-65d8-4faa-8bf3-351cd157fec1
  • qgt8adfsiom1m75tc5cpum4u7g
  • onetrust-domain-verification=844f0ac72a84445d92210c975776c30e
  • access-domain-verification=5e6474607068e076116dfd247e3ac5f39e7cdcc6307e8f2743c81c8ac1798750
  • docusign=c880f5ab-9af7-4922-9fae-85b8979542c5
  • google-site-verification=Ml19pMDb0V1ih_TuKkL1d9vMA72EgwRvzaeLYKEG9MM
  • globalsign-domain-verification=BDCB4CA30A3B13D26DD9E7AC7537476F

Email authentication partial

SPF
v=spf1 include:spf.protection.outlook.com a:production.main.hallmark.demandware.net ip4:64.79.169.80 ip4:52.22.165.122 include:_spf1.hallmark.com include:_spf2.hallmark.com include:cust-spf.exacttarget.com mx include:spf_eu1.ladesk.com include:shops.shopify.com -all
strict (-all)
DMARC
v=DMARC1;p=none;
policy: none (monitoring only)
DKIM
  • k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed

Certificate (current)

E7
from 2026-03-26 to 2026-06-24
Expires in 36 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.hallmark.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.bloomreach.com *.hallmark.com *.cybersource.com google.com *.google.com *.googleadservices.com *.googleservices.com *.googletagmanager.com *.gstatic.com *.smartystreets.com browser-intake-datadoghq.com edge.adobedc.net *.adobedtm.com *.onetrust.com *.adsrvr.org *.akamaihd.net *.amazon-adsystem.com *.bing.com *.browser-intake-datadoghq.com *.brsrvr.com *.contentsquare.net *.contentsquare.com *.cookielaw.org *.cquotient.com *.datadoghq-browser-agent.com *.demdex.net *.doubleclick.net *.dxpapi.com *.facebook.com *.facebook.net *.igodigital.com *.ipredictive.com *.kampyle.com *.medallia.com *.mppglobal.com *.my.salesforce-scrt.com *.my.site.com *.nmgassets.com *.omtrdc.net *.online-metrix.net *.paa-reporting-advertising.amazon *.paypal.com *.paypalobjects.com *.pinimg.com *.pinterest.com *.salesforceliveagent.com *.sc-static.net *.sitelabweb.com *.snapchat.com *.tiktok.com *.tiktokw.us
strict-transport-security
max-age=31536000; includeSubDomains

Links to (9)

Linked from (7)