hariboencasa.es

.es crawl

First seen 2026-04-20 · Last seen 2026-05-19 · ok HTTP/1.1 200 2002 ms crawled 2026-05-13

ES · 200.234.230.236 · AS49635 Cloudi Nextgen Sl

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: Las mejores chuches online y las golosinas de toda la vida! | HARIBO
Description: Compra chuches en Hariboencasa, la tienda online de HARIBO. En la tienda de golosinas de HARIBO España, encontrarás las golosinas de toda la vida y volverás a saborear tu infancia!
Language: es
Canonical: https://www.hariboencasa.es

Open Graph

url: https://www.hariboencasa.es
title: Las mejores chuches online y las golosinas de toda la vida! | HARIBO
site name: Haribo Spain
description: Compra chuches en Hariboencasa, la tienda online de HARIBO. En la tienda de golosinas de HARIBO España, encontrarás las golosinas de toda la vida y volverás a saborear tu infancia!

Technology

Server: Apache
CMS: Gatsby

Analytics

Google Tag Manager

Third-party hosts loaded (2)

www.googletagmanager.com×3
www.facebook.com×1

Social

Contact

Phone

Address

CTRA. GIRONA-BANYOLES KM 1417844

DNS records live

NS

ns1.dntrust.com
ns2.dntrust.com
ns3.dntrust.com
ns4.dntrust.com

MX

10 mail.hariboencasa.es

Verified for

Google

Email authentication weak

SPF

not published

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XsI0S5FkobivKm20XkIexv8flf0gTyT54xDIjI/05hlIhRLzRj9FFwZopIUrOqqGcm/rBC0h/hqrep5IK…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDk9F7svq1ZuIeNV6c5Rk6ONZWprZ9jv5++YGSOR9L+QsrT9KSpJyOxbpejRviaPkYjh2xGxx6Zf5kpRdbnaajI8y…

selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36

from 2026-01-19 to 2027-02-20

Expires in 275 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 50/100 Checked live page: https://www.hariboencasa.es/

present

content-security-policy
x-frame-options
x-content-type-options

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
weak content type protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
content-security-policy: font-src cash-f.squarecdn.com *.googleapis.com https://*.gstatic.com data: https://www.googletagmanager.com *.gstatic.com https://*.cloudflare.com *.hariboemcasa.pt *.fontawesome.com https://fonts.bunny.net *.stamped.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com