hero.co

.co crawl

First seen 2026-04-16 · Last seen 2026-05-11 · ok HTTP/1.1 200 904 ms crawled 2026-05-11

US · 75.2.60.5 · AS16509 Amazon.com, Inc.

Reputation 100/100

ecommerce

HTML metadata

Title: Hero Bread™ Low Net Carb Baked Goods
Description: Hero Bread™ bakes delicious low carb and zero carb bread and baked goods including zero carb white bread, low carb sandwich rolls and low carb tortillas that are all keto friendly and unbelievably tasty.
Language: en

Open Graph

url: https://www.hero.co/
title: Hero Bread™ Low Carb Bread
site name: Hero Bread
description: Feel free to eat what you love with unbelievably delicious low carb baked goods from Hero Bread™.

Technology

CDN: Netlify
CMS: Shopify

Cookie consent

Osano

Third-party hosts loaded (4)

cdn.sanity.io×3
cdn.shopify.com×1
cmp.osano.com×1
www.facebook.com×1

Social

DNS records live

NS

ns-1518.awsdns-61.org
ns-2003.awsdns-58.co.uk
ns-502.awsdns-62.com
ns-536.awsdns-03.net

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

Show 7 TXT records

1password-site-verification=STGQCJHQZ5HCNHY5QSLCYSCPX4
MS=ms86619594 google-site-verification=wOU4B41BTXIrvShrBxlFE7MiPHc6IsrAo-aOW3apyho
anthropic-domain-verification-ze3bt7=QQXvMK6LzB2ImAw6yblSmvLnu
apple-domain-verification=beofdulOKyjg0Ni6 klaviyo-site-verification=YmVG5Z
asv=0f2acc50aab6245080ae81a1465017d0
google-site-verification=qCUdrvjfjXLUo1GBwu6LRIxmgbh2BJR1fEtbBQwwZiw
google-site-verification=wOU4B41BTXIrvShrBxlFE7MiPHc6IsrAo-aOW3apyho

Email authentication strong

SPF

v=spf1 include:_spf.google.com include:spf.gorgias.com include:_spf.psm.knowbe4.com ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@hero.co; fo=1

policy: reject (enforced)

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7clJFeaFCRrD3slhW3ptW7mWglAsOKJFhqDxchtbJibAf+VoFE9lTLuwGC8pjVyj+FF67lajGCv/N…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbOCg+AbaCJqw7eXkWHPz5K1ee10OaPt0WKxiGQkzfOrEZ/fRWKO2M74H/4S6CRC8YwQ7bIziQWnnfwiV3…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqjyATcU6fHA0CEd2qF16og8TPuY4HhEHEO54m22P5WownTW1yVyhvCMak27/Ku8jDIlTdgPXr7JS4ZW5q…

selectors probed

Certificate (current)

from 2026-04-11 to 2026-07-10

Expires in 51 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.hero.co/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: no-referrer
x-frame-options: DENY
permissions-policy: geolocation=*, camera=(), microphone=(), shared-storage=()
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'none'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; object-src 'none';
strict-transport-security: max-age=31536000; includeSubDomains; preload

Links to (7)

Linked from (2)

wellworthy.com×2
clevelandavenue.com×1