indexo.dev

hhbagels.com

.com crawl

First seen 2026-05-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 14500 ms crawled 2026-05-18

CA · 23.227.38.65 · AS13335 Cloudflare, Inc.

Reputation 67/100 wrong cert no dmarc policy

ecommerce

HTML metadata

Title
Like No Other Bagel in the World | H&H Bagels
Description
H&H Bagels, “Like No Other Bagel in the World”, NYC’s legendary bagels since 1972 available retail, wholesale, catering, and nationwide shipping.
Language
EN

Open Graph

title
Like No Other Bagel in the World
description
H&H Bagels, “Like No Other Bagel in the World”, NYC’s legendary bagels since 1972 available retail, wholesale, catering, and nationwide shipping.

Technology

CDN
Cloudflare
CMS
Shopify
Fonts
  • Google Fonts

Third-party hosts loaded (5)

  • cdn.shopify.com×29
  • cdn.sanity.io×10
  • fonts.googleapis.com×1
  • fonts.gstatic.com×1
  • shop.app×1

Social

Registration

Registrar
GoDaddy.com, LLC
Created
1997-01-22
Expires
2028-01-23 613 days left
Updated
2026-01-24
Name servers
  • ns49.domaincontrol.com
  • ns50.domaincontrol.com

DNS records live

NS
  • ns49.domaincontrol.com
  • ns50.domaincontrol.com
MX
  • 10 hhbagels-com.mail.protection.outlook.com
TXT
Show 6 TXT records
  • 4e9t8rs724lrcfh6vd8amp5s4c
  • anthropic-domain-verification-d7qh78=STgxLSMumSYmurM6CDCouHtkT
  • v=verifydomain MS=8773912
  • MS=ms56291497
  • google-site-verification=_3-EbfZeU0GLWeiM3hCwgfmFy83X12WfyZVCSXG5XWg
  • MS=ms15155655

Email authentication weak

SPF
v=spf1 include:spf.protection.outlook.com -all
strict (-all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current) wrong cert

Go Daddy Secure Certificate Authority - G2
from 2025-08-27 to 2026-09-28
Expires in 132 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://www.hhbagels.com/

present
  • strict-transport-security
  • content-security-policy
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-content-type-options
nosniff
content-security-policy
base-uri 'self'; default-src 'self' 'nonce-d22a34fe35008bc9e6f8deb8f5830470' https://cdn.shopify.com https://shopify.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.shopify.com; connect-src 'self' https://acsbapp.com https://*.acsbapp.com https://stockist.co https://*.stockist.co https://gap.stockist.workers.dev https://us-central1-api-project-539888104971.cloudfunctions.net https://us-central1-stockist-prod.cloudfunctions.net https://formspree.io https://*.formspree.io https://googleapis.com https://*.googleapis.com https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://googleadservices.com https://*.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://google.com https://*.google.com https://doubleclick.net https://*.doubleclick.net https://vimeo.com https://*.vimeo.com https://
strict-transport-security
max-age=31536000

Links to (6)

Linked from (1)