indexo.dev

hkfoodservice.fi

.fi crawl

First seen 2026-05-31 · Last seen 2026-06-01 · ok HTTP/1.1 200 238 ms crawled 2026-06-01

SE · 217.114.94.2 · AS30811 Optimizely AB

Reputation 100/100

Classifying

HTML metadata

Title
HKFoods Food Service
Language
fi
Canonical
https://www.hkfoodservice.fi/

Open Graph

url
https://www.hkfoodservice.fi/
title
HKFoods Food Service

Technology

CDN
Cloudflare
CMS
Gatsby
jQuery
2.2.4 known XSS (<3.5)
Analytics
  • Google Tag Manager
Social widgets
  • YouTube Embed

Third-party hosts loaded (4)

  • code.jquery.com×1
  • maxcdn.bootstrapcdn.com×1
  • www.googletagmanager.com×1
  • www.youtube-nocookie.com×1

Social

Registration

Created
2024-04-04
Name servers
  • edns8.ultradns.net [ok]
  • edns8.ultradns.org [ok]
  • edns8.ultradns.com [ok]
  • edns8.ultradns.biz [ok]

DNS records live

NS
  • edns8.ultradns.biz
  • edns8.ultradns.com
  • edns8.ultradns.net
  • edns8.ultradns.org

Email authentication no MX

SPF
not published
DMARC
v=DMARC1; p=none; rua=mailto:dmarc.rua@hkfoods.com;
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

WE1
from 2026-05-03 to 2026-08-01
Expires in 59 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.hkfoodservice.fi/

present
  • strict-transport-security
  • content-security-policy
  • x-content-type-options
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://www.hkscan.com https://consent.cookiebot.com https://service.giosg.com https://www.youtube.com/ https://rosekylling.activehosted.com/ *.cdn.jsdelivr.net/ https://old-viewer.paperturn-view.com https://www.paperturn-view.com https://www.paperturn-view.com/ 'nonce-OVglX4MevYzfW4cshDYN1qgXj9ok3s9OB4CMVhA/8nA='; font-src 'self' https://use.typekit.net https://dhm5hy2vn8l0l.cloudfront.net https://cdnjs.cloudflare.com/ https://fast.fonts.net/ https://fonts.gstatic.com https://giosg-chat-public-eu.s3.amazonaws.com https://cdn.giosgusercontent.com; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://use.typekit.net/ https://service.giosg.com https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://fast.fonts.net/ https://fonts.googleapis.com https://cookiehub.net https://cdn.cookiehub.eu/; frame-src 'self' https://318.clients.giosgusercontent.com/ https://rosekylling.activehosted.com/ hr-manager.net/ htt
strict-transport-security
max-age=300; includeSubDomains

Links to (7)

Linked from (2)