indexo.dev

hybrid.co

.co crawl

First seen 2026-04-24 · Last seen 2026-05-15 · ok HTTP/1.1 200 8135 ms crawled 2026-05-18

US · 54.177.148.248 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Hybrid - The Growth Engine for Education
Description
Full-service marketing partner for the education sector – backed by unrivalled insight, advanced technology, and AI-driven enrolment strategies.
Language
en
Canonical
https://hybrid.co/

Open Graph

url
https://hybrid.co/
title
Hybrid - The Growth Engine for Education
site name
Hybrid
description
Full-service marketing partner for the education sector – backed by unrivalled insight, advanced technology, and AI-driven enrolment strategies.

Technology

Server
nginx
CMS
Next.js

Third-party hosts loaded (1)

  • a.storyblok.com×21

Social

Contact

Phone

DNS records live

NS
  • ns-1342.awsdns-39.org
  • ns-1765.awsdns-28.co.uk
  • ns-385.awsdns-48.com
  • ns-625.awsdns-14.net
MX
  • 0 hybrid-co.mail.protection.outlook.com
TXT
  • wiz-domain-verification=1f7b6bf372ca50ef49373fdf33268eac3dd4f521fd7f6a44797b7a83a3a35b74
  • anthropic-domain-verification-cf5s5z=V8APAMYqX7dkBFe0zXJZwRuvb
  • hibp-verify=dweb_0aqecvaowyeef1mnnedr8a2o

Email authentication strong

SPF
v=spf1 include:spf.protection.outlook.com include:mail.zendesk.com include:spf.uk.exclaimer.net include:spf.sinorrah.co.uk include:7379496.spf03.hubspotemail.net include:_spf.spamtitan.com include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all
softfail (~all)
DMARC
v=DMARC1; p=quarantine; sp=none; rua=mailto:dmarc_agg@vali.email,mailto:dmarc@hybrid.co; ruf=mailto:dmarc@hybrid.co; fo=0
policy: quarantine · sp=none
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXDGbjcUmu29aSS7liA4crPSW3g2p0FSLFRdkuLP1+N7X8p3JUUD+FkwWXg9eXC6sNfrqDmj4OSEqr…
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
selectors probed

Certificate (current)

R13
from 2026-04-17 to 2026-07-16
Expires in 58 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://hybrid.co/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • weak frame protection
  • weak content type protection
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
*, SAMEORIGIN
permissions-policy
camera=(), microphone=(), geolocation=(), interest-cohort=(), camera=(), microphone=(), geolocation=(), interest-cohort=(), accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()
x-content-type-options
nosniff, nosniff
content-security-policy
default-src 'self' *.hybrid.co; script-src 'self' https://app.termly.io https://*.termly.io 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.vimeo.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://app.storyblok.com https://paperform.co https://*.paperform.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://paperform.co https://*.paperform.co; img-src 'self' data: blob: https: http:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://vimeo.com https://*.vimeo.com https://player.vimeo.com https://app.termly.io https://*.termly.io *.hybrid.co https://www.google-analytics.com https://api.storyblok.com https://gapi.storyblok.com https://a.storyblok.com https://region1.google-analytics.com https://paperform.co https://*.paperform.co; media-src 'self' https://a.storyblok.com https://*.storyblok.com https://*.vimeo.com https://player.vimeo.com https://*.vime
strict-transport-security
max-age=63072000; preload, max-age=63072000; includeSubDomains; preload

Links to (6)

Linked from (1)