indexo.dev

hotjar.com

.com toplist crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 1518 ms crawled 2026-05-18

US · 13.33.235.50 · AS16509 Amazon.com, Inc.

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
Hotjar: Website Heatmaps & Behavior Analytics Tools
Description
The next best thing to sitting beside someone browsing your site. See where they click, ask what they think, and learn why they drop off. Get started for free.
Language
en
Canonical
https://www.hotjar.com/
Translations
  • de
  • es
  • fr
  • it
  • ja

Open Graph

title
Hotjar: Website Heatmaps & Behavior Analytics Tools
description
The next best thing to sitting beside someone browsing your site. See where they click, ask what they think, and learn why they drop off. Get started for free.

Technology

CDN
Amazon CloudFront
CMS
Next.js
Analytics
  • Google Tag Manager

Third-party hosts loaded (4)

  • images.ctfassets.net×33
  • cdn.optimizely.com×1
  • unpkg.com×1
  • www.googletagmanager.com×1

Social

Contact

Address
st CenterAcceptable use policyEngage Tester TermsCopyright © 2014

Registration

Registrar
Gandi SAS
Created
2007-01-23
Expires
2027-01-23 249 days left
Updated
2025-12-19
Name servers
  • ns-1049.awsdns-03.org
  • ns-1740.awsdns-25.co.uk
  • ns-474.awsdns-59.com
  • ns-873.awsdns-45.net

DNS records live

NS
  • ns-1049.awsdns-03.org
  • ns-1740.awsdns-25.co.uk
  • ns-474.awsdns-59.com
  • ns-873.awsdns-45.net
MX
  • 10 aspmx.l.google.com
  • 20 alt1.aspmx.l.google.com
  • 30 alt2.aspmx.l.google.com
  • 40 aspmx2.googlemail.com
  • 50 aspmx3.googlemail.com
TXT
Show 30 TXT records
  • zapier-domain-verification-challenge=b3f25e2f-55b5-431e-a2b2-ac9d02c20ff1
  • zapier-domain-verification-challenge=a2db56ae-8416-457c-806e-d13a70cce131
  • loom-site-verification=062e481d3e82470f948acde3f490ed7f
  • monday-com-verification=Q3fM-zJax7wSaDSYPq1ikOEEfBXD0OfofGZ4BNub-uM
  • mixpanel-domain-verify=51115d25-d779-4633-a01d-07cc295f622e
  • MS=ms71662109
  • atlassian-domain-verification=ZrRRCzAEXu6Rt8csFbFro8mLbHdFFIV8PObjew3mhis4ZeUIGPE9olB4qjIg/fpX
  • docker-verification=c32d8e66-64c7-4003-b4da-6959a17dd16b
  • cursor-domain-verification-xnxx1x=8pvRo0VResT5gVi84qkYAuqsY
  • loom-verification=4794730025
  • google-site-verification=QCnIv31NwV_43DuVKrjEd02s-hmcXBJFfhjZZ7WLcGc
  • 1password-site-verification=KASYZA5P7BFPNLAJF7OJXB4AGA
  • mongodb-site-verification=MRoHfxXNY8U4kk3t1RBF7f4tPlTv9i9S
  • hubspot-developer-verification=MjI0ZTViMWUtZmMxNi00NjBjLWFmMDctOWMyZjBlOWMxOTg2
  • google-site-verification=-SK6ManVKmMJ0Y3E5nRTU0qvE5geYbC-3o0FHCRFfAE
  • adobe-idp-site-verification=f89818cce2a5552dea41256864bf659e1a500d4113f56e9a8cc2551fbda79d1c
  • lovable_verification=NkMjoDBkXP64uRuGEbIf
  • protonmail-verification=9e4d0310f3bcbad8a9695663425fa06eb3ca8806
  • google-site-verification=Z2UrBbrNmI__zUHWISAYmqP1pHAQ_3IgpraHtZ5lVWQ
  • atlassian-domain-verification=PhFr7m+NL66maSfKMnRb1Rp8vhGVbDLPyYPLSDZHPjabIXsfpOtGHQLoNBKzRoZ6
  • stripe-verification=8BD243B2431EF42C3F860FD6D9BFDE93F974909AEA7D56D7049782DDF22B7E41
  • google-site-verification=65LnEfnj9-Oooat6efnDWBk8b0jVIoWvsnh5MgtaOMM
  • unbounce571164
  • docusign=61e9409b-5f82-4c2b-9191-a2f9f67b3143
  • dust-domain-verification-wss3ry=jk8VfpaWnAPSi9sTg1DApn3fR
  • apple-domain-verification=DOoDtgFrUzwhsBts
  • ZOOM_verify_ZoL82GLHAPUadNpWa746HC
  • google-site-verification=94WbRw173SJmzoUFmL65oZDQ_k6NzK7V_vTwmjTyojw
  • status-page-domain-verification=ggq0xfsy0530
  • google-site-verification=nASytrG_N4t5HifFE2qbZ9EkPq66gSJhBB63LkWSHxE

Email authentication strong

SPF
v=spf1 include:amazonses.com include:spf.braintreegateway.com include:stspg-customer.com include:mail.zendesk.com a:zgateway.zuora.com include:spf.tipalti.com include:_spf1.hotjar.com ~all
softfail (~all)
DMARC
v=DMARC1; p=reject; rua=mailto:re+sc9orosaozu@dmarc.postmarkapp.com; sp=reject; aspf=r;
policy: reject (enforced) · sp=reject
DKIM
Show 5 DKIM selectors
  • google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCB5koEin+VRSlk69XevJfsFZQyykTKN8ozxf/1vf4kjns9NaQHHa96NHJAW4+c920Fk6+XssWbPkD4036c65…
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDONVFRBQH3QcGHXxjBTX1UHX5sQzJ22LeoR8j606avv1MhcrWjSkud1spN6vCV+B3mwpbmx6lBYt76iot+r6zd90TI7It…
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoCMuQP1aiBBdytJl2DUkaC0DbY1TLwT0PfYDb0pU5qR/lSt0/2gCJxCS6y6rNwBnZLQsrWVmYyaz6/67F…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDezqBb2VjEllhUCPwOqOXCxiFxC8/K4YkqEXxzvTRIx3+IoKQjL6FMmFM+e2LBXN6NnA3FGq9iI2Vbo9tq0ub1UF…
  • smtpapi: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76…
selectors probed

Certificate (current)

Amazon RSA 2048 M02
from 2025-07-24 to 2026-08-22
Expires in 95 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://www.hotjar.com/

present
  • strict-transport-security
findings
  • short HSTS max-age
  • missing Content Security Policy
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
strict-transport-security
max-age=2592000; includeSubDomains

Links to (6)

Linked from (50)