indexo.dev

merchyeah.com

.com crawl

First seen 2026-05-24 · Last seen 2026-05-31 · ok HTTP/1.1 200 1539 ms crawled 2026-05-29

US · 198.46.85.210 · AS54641 InMotion Hosting, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Create and Sell Merch on a FREE Web Store | MerchYeah
Description
Create and sell custom merch at absolutely no cost to you, and make profit on your FREE web store. You pay NOTHING! We pay YOU!
Language
en
Canonical
https://www.merchyeah.com/

Open Graph

url
https://www.merchyeah.com/
title
Create and Sell Merch on your FREE Web Store
image:url
https://www.merchyeah.com/sites/all/themes/my/images/MY_MY_HomeFBShare.jpg
site name
MerchYeah
description
Create and sell custom merch at absolutely no cost to you, and make profit on your FREE web store. You pay NOTHING! We pay YOU!

Technology

Server
Apache
CMS
Drupal
Analytics
  • Google Tag Manager

Third-party hosts loaded (3)

  • www.facebook.com×1
  • www.googletagmanager.com×1
  • www.w3.org×1

Social

Registration

Registrar
DreamHost, LLC
Created
2022-02-11
Expires
2027-02-11 253 days left
Updated
2026-01-11
Name servers
  • ns1.inmotionhosting.com
  • ns2.inmotionhosting.com

DNS records live

NS
  • ns1.inmotionhosting.com
  • ns2.inmotionhosting.com
MX
  • 0 ded7589.inmotionhosting.com

Email authentication partial

SPF
v=spf1 ip4:198.46.85.210 include:merchyeah.com include:inmotionhosting.com include:mailgun.org ~all
softfail (~all)
DMARC
v=DMARC1; p=none; rua=mailto:webmaster@merchyeah.com
policy: none (monitoring only)
DKIM
  • default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyr/TORXTkm3efX3cx/CtW+mYjQCoqTzVvxmFg6ByCTKMtfc9WM4VA9eY80H8dIQi/AxjI0hXcn54qW…
selectors probed

Certificate (current)

R12
from 2026-05-12 to 2026-08-10
Expires in 68 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://www.merchyeah.com/

present
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src *.instagram.com *.paypal.com *.tawk.to *.fontawesome.com *.element31.com merchyeah.com *.merchyeah.com merchyeah.test *.merchyeah.test merchyeah.local *.merchyeah.local linkpod.pro *.linkpod.pro linkpod.pro.local *.youtube.com *.hs-scripts.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.purechat.com *.purechatcdn.com *.google.com *.zdassets.com *.zendesk.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval' 'self' data: https: 'self' blob: data:; frame-src 'self' bandcamp.com *.bandcamp.com *.instagram.com *.chaport.com *.paypal.com *.tawk.to *.myshopify.com *.facebook.com *.facebook.net *.google.com *.youtube.com *.spotify.com *.soundcloud.com linkpod.pro *.linkpod.pro linkpod.pro.local; frame-ancestors 'self' *.paypal.com merchyeah.com *.merchyeah.com merchyeah.local *.merchyeah.local merchyeah.test *.merchyeah.test linkpod.pro *.linkpod.pro linkpod.pro.local *.myshopify.com *.facebook.com *.facebook.net *.goo

Links to (4)

Linked from (2)