indexo.dev

mortgagexperts.co

.co crawl

First seen 2026-05-16 · Last seen 2026-05-16 · ok HTTP/1.1 200 3214 ms crawled 2026-05-20

US · 34.111.179.208 · AS396982 Google LLC

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
MortgageXpert by CreditXpert
Language
en

Technology

Server
Google
Analytics
  • Google Tag Manager

Third-party hosts loaded (1)

  • www.googletagmanager.com×1

DNS records live

NS
  • ns21.domaincontrol.com
  • ns22.domaincontrol.com
MX
  • 0 mortgagexperts-co.mail.protection.outlook.com
TXT
  • NETORGFT20085256.onmicrosoft.com
  • replit-verify=a416d32b-9ddf-4942-9fd6-2a84ad2a4a42

Email authentication partial

SPF
v=spf1 include:secureserver.net -all
strict (-all)
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Xl3WEJVKbo71kmVWWVGuIP9qKVAq97GptbzL++SXitShMBtsUaDQNuNJ+ERAQxL/PhppiNTH6qBxka7jW…
  • s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwK8kafzN8Om5Eh+XdDXtlpD296KiviHMddVSa1644O2cgNLst5hOyAz5VEy7Eg+Kg7TuqdxNNcK4JH1Rfw…
selectors probed

Certificate (current)

E7
from 2026-03-17 to 2026-06-15
Expires in 25 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://mortgagexperts.co/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • cross-origin-opener-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
no-referrer
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.gstatic.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com https://www.redditstatic.com https://js.hs-scripts.com https://*.hubspot.com https://*.hsforms.com https://js.hs-banner.com https://js.hsadspixel.net https://js.usemessages.com https://js.hs-analytics.net https://connect.facebook.net https://ws.zoominfo.com https://cdn.pendo.io;img-src 'self' data: https: blob:;connect-src 'self' ws: wss: https: https://maps.googleapis.com https://*.googleapis.com https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.hotja
strict-transport-security
max-age=63072000; includeSubDomains, max-age=31536000; includeSubDomains
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin

Linked from (1)