indexo.dev

looties.io

.io crawl

First seen 2026-04-28 · Last seen 2026-05-18 · ok HTTP/1.1 200 291 ms crawled 2026-05-06

US · 75.2.60.5 · AS16509 Amazon.com, Inc.

Reputation 97/100 dmarc monitor-only

sector tech type ecommerce

HTML metadata

Title
Looties – Developer Merch Marketplace | Buy & Sell Tech Swag
Description
Buy and sell rare tech swag, conference merch, and onboarding kits from top tech companies. Peer-to-peer marketplace with buyer protection on every order.
Language
en
Canonical
https://looties.io/

Open Graph

url
https://looties.io/
title
Looties – Developer Merch Marketplace | Buy & Sell Tech Swag
locale
en_US
site name
Looties
description
Buy and sell rare tech swag, conference merch, and onboarding kits from top tech companies. Peer-to-peer marketplace with buyer protection on every order.
locale:alternate
fr_FR

Technology

CDN
Netlify
Analytics
  • Google Tag Manager

Third-party hosts loaded (3)

  • kwaepdebiqwudpiixuyp.supabase.co×2
  • bolt.new×1
  • www.googletagmanager.com×1

Contact

Address
Annecy, FR

DNS records live

NS
  • dns16.ovh.net
  • ns16.ovh.net
MX
  • 1 smtp.google.com
TXT
  • google-site-verification=0PL2Ae13x9dtWwx6JWWw1L3i127MpnTqKV08Iw_OUMw
  • stripe-verification=fd7ff065997c6589262134f22622a6c406b559199be763d5d2a55dc71fa889a6

Email authentication strong

SPF
v=spf1 include:_spf.google.com include:spf.resend.com ~all
softfail (~all)
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
  • google: v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2l5LUHfCGRYmjzh9uaJSO0+frvMo+1jeblcfwGYRFTKTn6m6Zc7pa2SmqLFREPxeLGWMM8mvxPRIojYU…
selectors probed

Certificate (current)

E7
from 2026-03-13 to 2026-06-11
Expires in 23 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://looties.io/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
DENY
permissions-policy
camera=(), microphone=(), geolocation=(), payment=()
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://maps.googleapis.com https://js.stripe.com https://connect-js.stripe.com https://bolt.new; connect-src 'self' https://kwaepdebiqwudpiixuyp.supabase.co wss://kwaepdebiqwudpiixuyp.supabase.co https://api.stripe.com https://q.stripe.com https://connect-js.stripe.com https://maps.googleapis.com https://in.logs.betterstack.com https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com; img-src 'self' data: blob: https://*.stripe.com https://kwaepdebiqwudpiixuyp.supabase.co https://images.pexels.com https://unpkg.com https://*.tile.openstreetmap.org https://looties.io https://www.google-analytics.com https://maps.gstatic.com https://www.uneed.best https://open-launch.com; frame-src 'self' https://stripe.com https://js.stripe.com https://connect-js.stripe.com; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; form-action '
strict-transport-security
max-age=31536000; includeSubDomains

Linked from (1)