indena.com

.com crawl

First seen 2026-04-18 · Last seen 2026-05-13 · ok HTTP/1.1 200 1956 ms crawled 2026-05-13

DE · 78.46.84.144 · AS24940 Hetzner Online GmbH

Reputation 94/100 dmarc monitor-only

sector health type homepage

HTML metadata

Title

Indena | Science is our Nature

Description

Leading company dedicated to the identification, development and production of high quality active principles from plants, for pharma and healthfood industries.

Language

Translations

Open Graph

url: https://www.indena.com/
title: Home
locale: en_GB
site name: Indena
description: Indena is ingredients derived from medicinal plants, for pharmaceutical products, health food and CDMOs

Technology

Server: PWS

Fonts

Google Fonts

Third-party hosts loaded (1)

fonts.googleapis.com×2

Social

Contact

Phone

Registration

Registrar

Total Web Solutions Limited

Created

1996-06-14

Expires

2026-06-13 24 days left

Updated

2025-06-14

Name servers

dns.mnt.it
dns2.mnt.it

DNS records live

NS

dns.mnt.it
dns2.mnt.it

MX

0 indena.esvacloud.com
0 indena2.esvacloud.com

TXT

MS=ms70173431
google-site-verification=Yh5L1pyJBFXPBrI4QrBZg8sVPYhxHJzTO_v5HxTHwrk
apple-domain-verification=8nRZ9xzekCMrb9be

Email authentication partial

SPF: v=spf1 a mx ip4:83.103.88.36 ip4:88.149.195.152 ip4:85.18.121.15 ip4:51.210.174.199 ip4:217.19.147.225 ip4:147.78.252.0/24 ip4:81.174.55.97 -all
strict (-all)
DMARC: v=DMARC1; p=none; rua=mailto:dmarc@indena.com
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

Sectigo Public Server Authentication CA DV R36

from 2025-10-09 to 2026-10-10

Expires in 143 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.indena.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(), midi=(), sync-xhr=(), accelerometer=(), gyroscope=(), magnetometer=(), camera=(), microphone=(), payment=(), usb=(), fullscreen=(self), autoplay=(self), picture-in-picture=*
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://player.vimeo.com 'nonce-rbrxNIRsWYmFA5nduHetew=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://www.google-analytics.com https://i.ytimg.com https://i3.ytimg.com https://img.youtube.com https://i.vimeocdn.com https://f.vimeocdn.com https://*.tile.openstreetmap.de https://*.tile.openstreetmap.org; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://player.vimeo.com https://fresnel.vimeo.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; worker-src 'self' blob:
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=15768000; includeSubDomains
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: same-origin

Links to (6)

Linked from (1)

ceceditore.com×2