indexo.dev

herbalessences.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-11 · ok HTTP/1.1 200 981 ms crawled 2026-05-08

US · 150.171.109.100 · AS8075 Microsoft Corporation

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Hair Care and Styling Products | Herbal Essences
Description
Herbal Essences does beautiful things for your hair & your head. Try hair care and styling products from Herbal Essences!
Language
en-US
Canonical
https://herbalessences.com/en-us/

Open Graph

url
https://herbalessences.com/en-us/
title
Hair Care and Styling Products | Herbal Essences
description
Herbal Essences does beautiful things for your hair & your head. Try hair care and styling products from Herbal Essences!

Technology

CDN
Azure Front Door
CMS
Next.js
Analytics
  • Google Analytics
  • Google Tag Manager

Third-party hosts loaded (5)

  • images.ctfassets.net×20
  • www.google-analytics.com×2
  • www.googletagmanager.com×2
  • cdn.pricespider.com×1
  • survey.olay.com×1

Social

Registration

Registrar
CSC Corporate Domains, Inc.
Created
1998-08-12
Expires
2026-08-11 83 days left
Updated
2025-08-07
Name servers
  • ns1-09.azure-dns.com
  • ns2-09.azure-dns.net
  • ns3-09.azure-dns.org
  • ns4-09.azure-dns.info

DNS records live

NS
  • ns1-09.azure-dns.com
  • ns2-09.azure-dns.net
  • ns3-09.azure-dns.org
  • ns4-09.azure-dns.info
MX
  • 10 mail.herbalessences.com
TXT
Show 4 TXT records
  • google-site-verification=OgXDsq3pudIiu3NnupScDPR46jAmRl0Wii1KPI5DixU
  • 'google-site-verification=CGDWF3OwHaoll6QwDewYhpQEnrWR0pIzJ38OXSbIahY'
  • google-site-verification=1gbTCrGXKL73z68fcsSRvsntN2Fh0DoS2-tTK4fpZmk
  • herbal-essences-en-us.azurewebsites.net

Email authentication weak

SPF
not published
DMARC
v=DMARC1; p=none; sp=none; fo=1; ri=3600; rua=mailto:dmarc_agg@vali.email;
policy: none (monitoring only) · sp=none
DKIM
no key found at common selectors

Certificate (current)

Sectigo Public Server Authentication CA OV R40
from 2025-12-08 to 2027-01-08
Expires in 233 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://herbalessences.com/en-us/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
DENY
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lightning.force.com *.jebbit.com *.salesforce-sites.com *.pg.com *.rudderlabs.com *.salesforce.com *.salesforceliveagent.com https://pg-lex.my.site.com https://pg-lex--train.sandbox.my.site.com https://pg-lex.my.salesforce-scrt.com https://pg-lex--train.sandbox.my.salesforce-scrt.com https://service.force.com https://cdnjs.cloudflare.com https://www.youtube.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://c.lytics.io https://api.ipify.org https://cdn.segment.com https://edge.curalate.com http://edge.curalate.com https://z.moatads.com https://s3.us-west-2.amazonaws.com https://ss.click2cart.com https://click2cart.com api.tiles.mapbox.com pghub.io *.cookielaw.org *.rudderstack.com cdn.rudderlabs.com *.onetrust.com *.iesnare.com connect
strict-transport-security
max-age=31536000; includeSubdomains

Links to (17)

Linked from (3)