indexo.dev

hansemerkur.pl

.pl crawl

First seen 2026-05-27 · Last seen 2026-05-30 · ok HTTP/1.1 200 646 ms crawled 2026-05-30

DE · 185.190.195.111 · AS206266 HanseMerkur Krankenversicherung AG

Reputation 92/100 weak subdomain policy

Classifying

HTML metadata

Title
HanseMerkur - właściwe ubezpieczenie podróżne na każdy wyjazd
Description
Najlepsza ochrona podczas wyjazdów wakacyjnych na całym świecie. Zarezerwuj ubezpieczenie podróżne online na korzystnych warunkach już teraz!
Language
pl-PL
Canonical
https://www.hansemerkur.pl/

Open Graph

url
https://www.hansemerkur.pl/
title
HanseMerkur
description
Najlepsza ochrona podczas wyjazdów wakacyjnych na całym świecie. Zarezerwuj ubezpieczenie podróżne online na korzystnych warunkach już teraz!

Technology

Server
HM-HCP
Cookie consent
  • Usercentrics

Third-party hosts loaded (1)

  • app.usercentrics.eu×1

Social

DNS records live

NS
  • lars.ns.cloudflare.com
  • tani.ns.cloudflare.com
MX
  • 10 vamail01.hansemerkur.de
  • 10 vamail02.hansemerkur.de
  • 30 vamail03.hansemerkur.de
Verified for
  • Microsoft 365
  • Miro

Email authentication strong

SPF
v=spf1 include:spf-ip-a.hansemerkur.de include:spf-ip-b.hansemerkur.de include:spf-include-a.hansemerkur.de -all
strict (-all)
DMARC
v=DMARC1; p=reject; rua=mailto:hm_dmarc@hansemerkur.de,mailto:dmarc_agg@vali.email; ruf=mailto:postmaster@hansemerkur.de; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; sp=quarantine;
policy: reject (enforced) · sp=quarantine
DKIM
  • dkim: v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8zEBZnM6aW6PhO22wSjp47g7mpkALv7RLn0U+0QKAmKyoFs0ZQFoBrnRiDTgR3B2U+zEii8/9+n9TptD5aNY…
selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36
from 2025-09-29 to 2026-10-27
Expires in 148 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.hansemerkur.pl/

present
  • strict-transport-security
  • content-security-policy
  • x-content-type-options
findings
  • CSP uses wildcard sources
  • missing frame protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-content-type-options
nosniff
content-security-policy
connect-src 'self' *.tuerchen.com tuerchen.app *.tuerchen.app *.etracker.de *.etracker.com *.usercentrics.eu *.cmp.usercentrics.eu *.novomind.com *.ekomiapps.de *.google.de *.googleadservices.com *.google.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.bing.net *.bing.com *.trbo.com *.quantserve.com *.hansemerkur-vertriebsportal.de *.hansemerkur.de *.fitrockr.com *.heyflow.com *.loyjoy.com *.moin.ai wss://bot.moin.ai *.qualtrics.com *.clarity.ms; default-src 'self'; font-src 'self' data: *.novomind.com font.gstatic.com *.tuerchen.app core.tuerchen.com *.loyjoy.com *.heyflow.cloud *.moin.ai; frame-ancestors 'self' *.hanse-merkur.de newapp.etracker.com app.etracker.com localhost *.hokify.de www.dwin1.com; frame-src 'self' blob: hansemerkur.happymo.re *.usercentrics.eu *.cmp.usercentrics.eu youtube.com *.youtube.com *.youtube-nocookie.com *.novomind.com *.kasko.io *.kaskocloud.com *.google.com *.trbo.com *.facebook.com *.pantumdetect.com *.awin1.com *.hansemerkur.d
strict-transport-security
max-age=31536000; includeSubDomains; preload

Links to (10)

Linked from (4)