indexo.dev

heroesvillains.com

.com crawl

First seen 2026-04-16 · Last seen 2026-05-11 · ok HTTP/1.1 200 604 ms crawled 2026-05-11

US · 188.114.97.3 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Heroes & Villains | Premium Licensed Apparel & Accessories Store
Description
Heroes & Villains provides a timeless and authentic approach to wearable lifestyle gear for those who expect more from the story. Featuring officially licensed merchandise from Star Wars, Marvel, DC Comics, Disney, Dungeons & Dragons, and more.
Language
en
Canonical
https://heroesvillains.com/
Translations
  • en ×2
  • fr

Open Graph

url
https://heroesvillains.com/
title
Heroes & Villains | Premium Licensed Apparel & Accessories Store
site name
Heroes & Villains
description
Heroes & Villains provides a timeless and authentic approach to wearable lifestyle gear for those who expect more from the story. Featuring officially licensed merchandise from Star Wars, Marvel, DC Comics, Disney, Dungeons & Dragons, and more.

Technology

CDN
Cloudflare
CMS
Shopify
Third-party hosts loaded (12)
  • cdn.shopify.com×16
  • shop.app×2
  • api.judge.me×1
  • cdn.judge.me×1
  • cdn1.judge.me×1
  • config.gorgias.chat×1
  • config.gorgias.help×1
  • content.9gtb.com×1
  • customer-first-focus.b-cdn.net×1
  • fonts.shopifycdn.com×1
  • monorail-edge.shopifysvc.com×1
  • static.klaviyo.com×1

Social

Registration

Registrar
GoDaddy.com, LLC
Created
2012-03-04
Expires
2029-03-04 1018 days left
Updated
2026-03-05
Name servers
  • boyd.ns.cloudflare.com
  • daniella.ns.cloudflare.com

DNS records live

NS
  • boyd.ns.cloudflare.com
  • daniella.ns.cloudflare.com
MX
  • 0 heroesvillains-com.mail.protection.outlook.com
TXT
  • klaviyo-site-verification=NCyPRG
Verified for
  • Google
  • Microsoft 365

Email authentication partial

SPF
v=spf1 include:spf.protection.outlook.com include:mailgun.org include:spf.mandrillapp.com -all
strict (-all)
DMARC
v=DMARC1; p=none
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

E8
from 2026-04-02 to 2026-07-01
Expires in 41 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://heroesvillains.com/

present
  • strict-transport-security
  • content-security-policy
  • x-content-type-options
findings
  • short HSTS max-age
  • CSP uses wildcard sources
  • missing frame protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-content-type-options
nosniff
content-security-policy
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests;
strict-transport-security
max-age=7889238

Links to (6)

Linked from (5)