indexo.dev

masterspasportal.com

.com crawl

First seen 2026-05-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 19068 ms crawled 2026-05-18

US · 50.231.72.11 · AS7922 Comcast Cable Communications, LLC

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Master Spas Single Sign On
Language
en

Technology

Server
Microsoft-IIS
Fonts
  • Adobe Fonts
  • Google Fonts

Third-party hosts loaded (6)

  • cdnjs.cloudflare.com×9
  • fonts.googleapis.com×2
  • kendo.cdn.telerik.com×2
  • cdn.jsdelivr.net×1
  • fonts.gstatic.com×1
  • use.typekit.net×1

Registration

Registrar
GoDaddy.com, LLC
Created
2016-09-21
Expires
2026-09-21 124 days left
Updated
2022-09-29
Name servers
  • ns25.domaincontrol.com
  • ns26.domaincontrol.com

DNS records live

NS
  • ns25.domaincontrol.com
  • ns26.domaincontrol.com
MX
  • 0 masterspasportal-com.mail.protection.outlook.com
TXT
  • NETORGFT7271869.onmicrosoft.com

Email authentication weak

SPF
v=spf1 include:secureserver.net -all
strict (-all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

Go Daddy Secure Certificate Authority - G2
from 2025-08-08 to 2026-09-09
Expires in 113 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://login.masterspasportal.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Ddealer_portal%26redirect_uri%3Dhttps%253A%252F%252Fmasterspasportal.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520dealer_portal%26code_challenge%3DFtJf3mUaPPOwNz17hQtivQu_HTMLY50qnVf0MXRmabE%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D639146710181335798.YmMxOTdiYzgtMDlhZS00ZTMxLTlkODYtNGIwYWY1NWI4ZTRmMjBmNGI1MjctMjljOC00NTE1LWExNDItNzBiMjYwOWNmNDdk%26state%3DCfDJ8PbsR7CuMbJAnFKfR4fOtltoMh_5gymHXSJrgKa9NUIXTEtIu_GYjay_7z5aPBOP7CCSIyqJhUmLpgVWKPdLAVjAscP6WiM8fOLt_vHrGvYbHEJMMDFdk91KGC0WLhZcUILe8ENQ0oiv2LagjwM8qUBwN1en3BCQQCKFuNui-jbVBRPuS6Z4VOwfYFlowT8HzSxwB1a5vskkWyGObBwe4lSA44UyxzWW_O6-EBKkjv0S6fksP21TVAAEcVfy1g5lSnbsvg2O56DJ_iT5wZ-8gF5GbMoERueZGZgfh9H9g9bN1HEpkZUElpq2js810MHVqZLpMJZfb1hWWywEPeQQp6vmgIL8apUToY1LU2tcoI4Z5N738MugxYgzpMNwRFujcw%26x-client-SKU%3DID_NET8_0%26x-client-ver%3D7.1.2.0

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
no-referrer
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';style-src 'unsafe-inline' *.masterspasportal.com localhost:44334 https://fonts.googleapis.com https://kendo.cdn.telerik.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://use.typekit.net https://p.typekit.net;font-src 'self' data: https://fonts.gstatic.com http://www.w3.org https://use.fontawesome.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://use.typekit.net;img-src 'self' data:;script-src 'unsafe-inline' 'unsafe-eval' *.masterspasportal.com localhost:44334 https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://*.mouseflow.com;connect-src ws://localhost:* wss://localhost:* http://localhost:* https://*.mouseflow.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://logindev.masterspasportal.com https://logintst.masterspasportal.com https
strict-transport-security
max-age=2592000

Links to (1)

Linked from (5)