luxon.com

.com crawl

First seen 2026-04-15 · Last seen 2026-05-10 · ok HTTP/1.1 200 5188 ms crawled 2026-05-10

GB · 194.164.95.195 · AS8560 IONOS SE

Reputation 89/100 weak security headers dmarc monitor-only

Classifying

HTML metadata

Title

Luxon Pay | Instant secure global payments

Description

Welcome to Luxon Pay, the multi-currency eWallet that doesn’t charge customers any fees to deposit, withdraw, exchange or transfer money around the world.*

Language

en-US

Generator

WPML ver:4.9.2 stt:59,9,1,4,3,13,23,27,28,32,40,42,41,45,2,66,50;

Canonical

https://luxon.com/

Feeds

Luxon Pay » Feed RSS
Luxon Pay » Comments Feed RSS

Open Graph

url: https://luxon.com/
title: Luxon Pay | Instant secure global payments
locale: en_US
site name: Luxon Pay
description: Welcome to Luxon Pay, the multi-currency eWallet that allows users to deposit, withdraw, exchange or transfer money around the world.

Technology

Server: nginx
CMS: WordPress

Analytics

Google Tag Manager

Cookie consent

Cookiebot

Fonts

Google Fonts

Third-party hosts loaded (8)

fonts.googleapis.com×4
www.googletagmanager.com×4
res.cloudinary.com×2
consent.cookiebot.com×1
fonts.gstatic.com×1
maps.googleapis.com×1
sharedsl.postaffiliatepro.com×1
www.google.com×1

Social

Contact

Phone

305628001

Address

rd is issued by Monavate UAB (Company No. 30562

Registration

Registrar

GoDaddy.com, LLC

Created

2001-03-14

Expires

2031-03-14 1759 days left

Updated

2026-03-15

Name servers

ns-1095.awsdns-08.org
ns-1830.awsdns-36.co.uk
ns-339.awsdns-42.com
ns-949.awsdns-54.net

DNS records live

NS

ns-1095.awsdns-08.org
ns-1830.awsdns-36.co.uk
ns-339.awsdns-42.com
ns-949.awsdns-54.net

MX

0 luxon-com.mail.protection.outlook.com

TXT

zone-ownership-verification-8bd67736611602f055e73475c95b0921effbeb64c36636a0c893cc71b661b624
atlassian-domain-verification=NuhSYgdpYcjJrdvIYYhVex675wymsFshzLRIg+Tuf3mJesM/uE1JifWY05kg+c1r
google-site-verification=1n9E32qk1n_HXf_CIyoD7C3oA9oJw_f-BJ5h6fb-Mlc

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com include:spf.pushwoosh.io -all

strict (-all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArM+XjOh4RObsj3PF7FeW5x9LWI79HgwoZi99Y/nVJmLKH89F2uvOzefwIhaTm8qvXy8YJsbqd1AcqIhGSC…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxkof7T7NeQfY1hfvFLXVoFNdhrJw2iYtmb1NoDo4qKFPm5iZllnwbBjfcQNYa9byIAEAnTrdgs45xVhmC5DwlOS…

selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36

from 2026-01-21 to 2027-01-22

Expires in 247 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://luxon.com/

present

content-security-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: object-src 'none'; base-uri 'self'; script-src 'unsafe-inline' 'unsafe-eval' https: http:; connect-src 'self' https: wss: https://*.intercom-messenger.com wss://*.intercom-messenger.com; img-src 'self' data: blob: https:; child-src 'self' https:; font-src 'self' https:; style-src 'self' 'unsafe-inline' https:; form-action 'self' https:;

Links to (5)

Linked from (1)

coinrivet.com×2