hellocash.com

.com crawl

First seen 2026-04-23 · Last seen 2026-05-14 · ok HTTP/1.1 200 4874 ms crawled 2026-05-17

US · 104.18.27.164 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: helloCash – Kartenterminals & Online-Zahlungen für kleine Unternehmen
Description: helloCash – Kartenterminals, Online-Zahlungen und Zahlungslinks für kleine Unternehmen in Europa. Einfach, transparent und ohne Vertragsbindung.
Language: de

Technology

CDN: Cloudflare

Analytics

Cloudflare Insights

Fonts

Google Fonts

Third-party hosts loaded (3)

fonts.googleapis.com×4
fonts.gstatic.com×1
static.cloudflareinsights.com×1

Registration

Registrar

GoDaddy.com, LLC

Created

2001-08-09

Expires

2026-08-09 81 days left

Updated

2026-03-30

Name servers

eloise.ns.cloudflare.com
nitin.ns.cloudflare.com

DNS records live

NS

eloise.ns.cloudflare.com
nitin.ns.cloudflare.com

MX

0 hellocash-com.mail.protection.outlook.com

TXT

Show 4 TXT records

MS=ms41383197
a3a533193f1bff12efb64260a5e20f7a
google-site-verification=6U4i7L4qxY743uM0gKEHA6PW2xXncDPDfLal_jBu4Ys
replit-verify=80b75619-789a-4cc1-b838-25349b6dbbbd

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9NfrhFuXbV9quKFJ7wwT531Q6uHlRMMumj6jA5dzXTxaP5eHuVcfGYSvgayJkJYg4YFiKNbdIrL5Z…
selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9/zOHpJr3OtUbK3QjMK1VmbmK3rLHmn+87BpX277sHItiTILc8bjywamVSiPlu7z9gN59ZNn24jnle…

selectors probed

Certificate (current)

from 2026-03-30 to 2026-06-28

Expires in 40 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://hellocash.com/

present

strict-transport-security
content-security-policy
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection

Header values

referrer-policy: strict-origin-when-cross-origin
permissions-policy: geolocation=(), microphone=(), camera=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://widget.intercom.io https://js.intercomcdn.com https://challenges.cloudflare.com https://static.cloudflareinsights.com https://*.team.blue; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.team.blue; font-src 'self' https://fonts.gstatic.com https://fonts.intercomcdn.com https://js.intercomcdn.com https://*.team.blue; img-src 'self' data: https://fonts.gstatic.com https://downloads.intercomcdn.com https://static.intercomassets.com https://js.intercomcdn.com https://images.unsplash.com https://picsum.photos https://fastly.picsum.photos https://*.team.blue; connect-src 'self' https://api-iam.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://ipapi.co https://cloudflareinsights.com https://*.team.blue; frame-src 'self' https://intercom-sheets.com https://challenges.cloudflare.com https://play.gumlet.io https://*.team.blue; base-uri 'self'; form-action 'self'; fram
strict-transport-security: max-age=63072000; includeSubDomains, max-age=31536000; includeSubDomains
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin

Linked from (1)

hellocash.de×2