indexo.dev

lewandmassager.com

.com crawl

First seen 2026-05-12 · Last seen 2026-05-18 · ok HTTP/1.1 200 3238 ms crawled 2026-05-18

US · 104.26.5.185 · AS13335 Cloudflare, Inc.

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
Le Wand: Best Wand Vibrators and Sex Toys for Solo & Couples
Description
Le Wand is the ultimate upgrade of the iconic Hitachi Magic Wand. See why GQ, Women's Health, and others called it the best wand vibrator of 2023!
Language
en

Technology

CDN
Cloudflare
CMS
Gatsby
Analytics
  • Google Tag Manager
Fonts
  • Google Fonts

Third-party hosts loaded (4)

  • fonts.googleapis.com×9
  • cdn.jsdelivr.net×2
  • www.facebook.com×1
  • www.googletagmanager.com×1

Social

Registration

Registrar
GoDaddy.com, LLC
Created
2016-11-07
Expires
2035-11-07 3457 days left
Updated
2026-05-12
Name servers
  • algin.ns.cloudflare.com
  • fiona.ns.cloudflare.com

DNS records live

NS
  • algin.ns.cloudflare.com
  • fiona.ns.cloudflare.com
MX
  • 10 mx.zoho.com
  • 20 mx2.zoho.com
  • 50 mx3.zoho.com
TXT
  • klaviyo-site-verification=WJ7gkX
Verified for
  • Google
  • Zoho

Email authentication strong

SPF
v=spf1 ip4:198.24.134.178/29 ip4:184.168.131.0/24 ip4:208.109.80.0/24 include:spf.mandrillapp.com include:servers.mcsv.net include:zoho.com include:spf-0.secureserver.net -all
strict (-all)
DMARC
v=DMARC1; p=quarantine; sp=none; adkim=r; aspf=r; rua=mailto:ken@cotrinc.com
policy: quarantine · sp=none
DKIM
  • default: v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwNAORYIM0yCyyUiDfWIx8ZyAjcyNhtcau81jFs0fljl9S573iGJYnaLQD+SaQK+LOkrqQ3RnBSx1ivOrgc8dSmvUCK…
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
selectors probed

Certificate (current)

WE1
from 2026-05-12 to 2026-08-10
Expires in 82 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://www.lewandmassager.com/

present
  • content-security-policy-report-only
  • x-frame-options
  • x-content-type-options
findings
  • missing HSTS
  • missing Content Security Policy
  • weak frame protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN, SAMEORIGIN
x-content-type-options
nosniff
content-security-policy-report-only
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.quadpay.com https://*.zip.co maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://cdn.jsdelivr.net *.lewandmassager.com *.bvibe.com use.fontawesome.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.co

Links to (2)

Linked from (5)