indexo.dev

mtu.pl

.pl crawl

First seen 2026-05-22 · Last seen 2026-05-22 · ok HTTP/1.1 200 2737 ms crawled 2026-05-28

US · 104.20.41.63 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
MTU - ubezpieczenia indywidualne i dla firm
Description
Poznaj ofertę ubezpieczeń komunikacyjnych oraz mienia. MTU Numerem 1. Zobacz!
Canonical
https://mtu.pl/

Technology

CDN
Cloudflare
CMS
Gatsby
jQuery
3.6.0
Analytics
  • Cloudflare Insights

Third-party hosts loaded (1)

  • static.cloudflareinsights.com×1

Social

DNS records live

NS
  • ns1.mtu.pl
  • ns2.mtu.pl
MX
  • 10 mtu-pl.mail.protection.outlook.com
TXT
  • GeilcNuwgPoB42/yOWba2m3L1HNsi4kD3QEiIFfRnJRh2au7nl3mBSs4qN8X8Am82RK9fi1FZEkdd+wVoettLQ==
Verified for
  • Microsoft
  • Microsoft 365

Email authentication partial

SPF
v=spf1 mx ip4:91.198.179.205 ip4:91.198.179.206 ip4:46.248.188.42 ip4:91.198.179.73 ip4:91.198.179.74 include:spf.protection.outlook.com -all
strict (-all)
DMARC
v=DMARC1; p=none
policy: none (monitoring only)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbSFRS0dvqSl04Xb+qudvS5e4Gj/RA9YW/hDRAS3EIBSa+77PMyrWgF/Ftb4qxmR+OmRA1d/Ep0l8/…
selectors probed

Certificate (current)

Thawte TLS RSA CA G1
from 2026-03-10 to 2026-09-25
Expires in 116 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://mtu.pl/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
origin-when-cross-origin
x-frame-options
DENY
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(*), geolocation=(*), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), usb=()
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://*.yetiz.pl blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.3way.pl https://*.doubleclick.net https://www.gstatic.com https://sc-static.net; img-src 'self' https://cdn.bsbox.pl http://cdn.bsbox.pl https://*.googleapis.com https://*.gstatic.com https://i.vimeocdn.com https://*.google-analytics.com https://sfwtepsfr.ergohestia.pl https://www.ergohestia.pl *.gravatar.com data: https://www.facebook.com https://www.google.pl https://*.google.com https://*.3way.pl https://*.googlesyndication.com https://*.doubleclick.net https://cdn.cookielaw.org https://img.youtube.com https://*.cookieyes.com https://cdn-cookieyes.com https://api.taggrs.io https://www.googletagmanager.com https://*.linkedin.com; connect-src 'self' https://unpkg.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://sfwtepsfr.ergohestia.pl https://secure.livechatinc.com https://*.doubleclick.net https://www.fa
strict-transport-security
max-age=2592000; includeSubDomains
cross-origin-opener-policy
same-origin

Links to (12)

Linked from (1)