indexo.dev

igapass.com

.com crawl

First seen 2026-05-14 · Last seen 2026-05-20 · ok HTTP/1.1 200 11206 ms crawled 2026-05-19

TR · 109.71.248.87 · AS201336 Iga Havalimani Isletmesi A S

Reputation 100/100

Classifying

HTML metadata

Title
IGA PASS | Exclusive Service at Istanbul Airport!
Description
Take advantage of all privileges at Istanbul Airport with IGA Pass packages. Enjoy with Lounge, Parking, Valet, Fast Track, Meet&Greet and Buggy!
Language
en
Canonical
https://www.igapass.com/en
Translations
  • ar
  • de
  • en
  • es
  • fr
  • ru
  • tr
  • zh

Technology

Analytics
  • Google Tag Manager
Fonts
  • Google Fonts

Third-party hosts loaded (4)

  • serve.motaword.com×3
  • www.googletagmanager.com×2
  • api.motaword.com×1
  • fonts.googleapis.com×1

Registration

Registrar
GoDaddy.com, LLC
Created
2018-06-01
Expires
2026-06-01 11 days left
Updated
2024-05-27
Name servers
  • ns77.domaincontrol.com
  • ns78.domaincontrol.com

DNS records live

NS
  • ns77.domaincontrol.com
  • ns78.domaincontrol.com
MX
  • 10 mx1.igapass.com
  • 20 mx2.igapass.com
  • 25 mx3.igapass.com
  • 30 mx4.igapass.com
TXT
  • amazonses:ysvKmzELHoKFb+FsDyLQmZefNEOFllvk/X6TyuYId1U=
  • bCk69/SeqM+45fQNq34gYdyReOgmWEIVCCCTGz32G2w=
Verified for
  • GlobalSign
  • Google
  • Meta

Email authentication strong

SPF
v=spf1 a mx ip4:109.71.248.33/32 ip4:109.71.248.36/32 ip4:109.71.248.136/32 ip4:109.71.248.137/32 ~all
softfail (~all)
DMARC
v=DMARC1; p=quarantine; sp=none; rua=mailto:postmaster@ist.aero; rf=afrf; pct=100; ri=86400
policy: quarantine · sp=none
DKIM
no key found at common selectors

Certificate (current)

GlobalSign RSA OV SSL CA 2018
from 2026-03-10 to 2027-04-11
Expires in 326 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.igapass.com/en

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • cross-origin-opener-policy
  • cross-origin-embedder-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • weak content type protection
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
DENY
x-content-type-options
nosniff, nosniff
content-security-policy
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.clarity.ms https://*.clarity.ms https://execution-ci360.igapass.com https://active-js.motaword.com https://serve.motaword.com https://mc.yandex.ru https://mc.yandex.com https://px.ads.linkedin.com https://snap.licdn.com https://connect.facebook.net https://cdn.taboola.com https://trc.taboola.com https://bat.bing.com https://analytics.tiktok.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com https://ivtliteapi.mobildev.in http://ivtliteapi.mobildev.in https://www.google.com https://www.gstatic.com https://www.google.com.tr https://api.motaword.com https://*.motaword.com https://www.facebook.com https://analytics-ipv6.tiktokw.us https://secure-web.cisco.com https://cdn.amplitude.com https://api2.amplitude.com https://api.amplitude.com h
strict-transport-security
max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
cross-origin-opener-policy
same-origin
cross-origin-embedder-policy
credentialless
cross-origin-resource-policy
same-origin

Linked from (1)