indexo.dev

inbox.com

.com crawl

First seen 2026-04-13 · Last seen 2026-05-31 · ok HTTP/1.1 200 515 ms crawled 2026-05-27

DE · 167.99.248.199 · AS14061 DigitalOcean, LLC

Reputation 100/100

Classifying

HTML metadata

Title
Inbox.com - Premium email
Description
Step into the world of secure, ad-free communication with our premium email service. Recognized as an industry leader, we put your privacy above all else.
Language
en
Canonical
https://www.inbox.com

Open Graph

url
https://www.inbox.com
title
Inbox.com - Premium email
locale
en_US
site name
Inbox.com
description
Step into the world of secure, ad-free communication with our premium email service. Recognized as an industry leader, we put your privacy above all else.

Technology

CMS
Next.js

Contact

Address
Dronning Mauds gate 3, 0250, Oslo, Oslo, NO

Registration

Registrar
Domeneshop AS dba domainnameshop.com
Created
1995-04-16
Expires
2028-04-17 682 days left
Updated
2025-11-26
Name servers
  • sage.ns.cloudflare.com
  • veronica.ns.cloudflare.com

DNS records live

NS
  • sage.ns.cloudflare.com
  • veronica.ns.cloudflare.com
MX
  • 10 mx.dka.mailcore.net
Verified for
  • Stripe

Email authentication strong

SPF
v=spf1 include:spf.mailcore.net include:mail.zendesk.com include:sendgrid.net -all
strict (-all)
DMARC
v=DMARC1; p=reject; adkim=s; aspf=s; fo=1; sp=reject; ruf=mailto:postmaster@inbox.com; rua=mailto:e1d6dbafde954f21aab6915fa1b4b59a@dmarc-reports.cloudflare.net;
policy: reject (enforced) · sp=reject
DKIM
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuewloTleGcsOOwQpyHOjPH+KA+j02TtkshbKSGY4nU58rfA06qhucwFj7aEdZnVkSZzt6ljLIxpRlevCJz…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3sbld96/HRHdtKTgQCFSPENcXvoyN7Ybi5cCbSTFeMs/m+kcpFxHb4bTBJzvEua9bq3nlE65K7dxcxsqmtMqAiQ…
selectors probed

Certificate (current)

R13
from 2026-04-06 to 2026-07-05
Expires in 31 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.inbox.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • cross-origin-opener-policy
  • cross-origin-embedder-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
same-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://strapi.inbox.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.fjordmail.no https://*.recurrent.no;
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy
same-origin
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
same-origin

Linked from (3)