indexo.dev

heurio.co

.co crawl

First seen 2026-06-04 · Last seen 2026-06-04 · ok HTTP/1.1 200 494 ms crawled 2026-06-04

US · 216.150.1.1 · AS16509 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Heurio - Transform hours of bug reports into minutes
Description
Heurio is a visual website review tool — pin comments on any live site, collaborate with your team on UX, bug reports, and copy, and cut review cycles from days to minutes.
Language
en
Canonical
https://www.heurio.co

Open Graph

url
https://www.heurio.co
title
Heurio - Transform hours of bug reports into minutes
description
Heurio is a visual website review tool — pin comments on any live site, collaborate with your team on UX, bug reports, and copy, and cut review cycles from days to minutes.

Technology

CDN
Vercel
CMS
Next.js

Social

DNS records live

NS
  • dns1.registrar-servers.com
  • dns2.registrar-servers.com
MX
  • 1 aspmx.l.google.com
  • 10 aspmx2.googlemail.com
  • 10 aspmx3.googlemail.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
Verified for
  • Google
  • Microsoft 365

Email authentication partial

SPF
v=spf1 include:_spf.google.com include:sendgrid.net ~all
softfail (~all)
DMARC
v=DMARC1; p=none; rua=mailto:dmarc_agg@vali.email
policy: none (monitoring only)
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwjqqvyR17vyDYE4NkT00m3xo3uv15qWt8ehpjKTQmGCo34O6uKSU9JOP4ham858I9UO8J4XABBrLg…
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupmlM3oNp0y7Igc9lLW3IWlGK8Y6BwVmZ/L+DC+52j4VXgBavaFd1mVzGIGuCdXZQqNtCv65/3zP9S56Qw…
  • s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuUVJnZA/xpDIOdpS55YzGcUCtdPCNlozuIhzHDvVRNvgz9kMUtZQl2ybanYuhBepiQdura6rNjLIKx+7H…
selectors probed

Certificate (current)

R13
from 2026-04-29 to 2026-07-28
Expires in 48 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.heurio.co/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • cross-origin-opener-policy
findings
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none'; frame-src 'self' https://demo.arcade.software https://www.youtube.com https://www.youtube-nocookie.com https://app.cal.com https://*.cal.com https://docs.google.com; upgrade-insecure-requests
strict-transport-security
max-age=63072000; includeSubDomains; preload
cross-origin-opener-policy
same-origin-allow-popups

Links to (7)

Linked from (1)

Use this data via API

Everything on this page for heurio.co is available as JSON from the indexo.dev REST & MCP API.

curl "https://indexo.dev/api/v1/domains/heurio.co" \
  -H "X-API-Key: idx_..."

Read the docs & get a free key →