indexo.dev

mybmwprotection.com

.com crawl

First seen 2026-05-10 · Last seen 2026-05-10 · ok HTTP/1.1 200 3170 ms crawled 2026-05-16

US · 34.234.118.0 · AS14618 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Language
en

Technology

Fonts
  • Google Fonts

Third-party hosts loaded (1)

  • fonts.gstatic.com×1

Registration

Registrar
GoDaddy.com, LLC
Created
2023-06-12
Expires
2028-06-12 753 days left
Updated
2023-07-20
Name servers
  • ns-1161.awsdns-17.org
  • ns-1735.awsdns-24.co.uk
  • ns-190.awsdns-23.com
  • ns-939.awsdns-53.net

DNS records live

NS
  • ns-1161.awsdns-17.org
  • ns-1735.awsdns-24.co.uk
  • ns-190.awsdns-23.com
  • ns-939.awsdns-53.net
MX
  • 10 mybmwprotection-com.mail.protection.outlook.com
TXT
  • SFMC-v3bAU5LGBiDQzEEE0UKR6Y7mDVKvjJmGI6Lj459C
Verified for
  • GlobalSign
  • Microsoft 365

Email authentication strong

SPF
v=spf1 mx a:zgateway.zuora.com ip4:12.177.93.3 ip4:38.84.54.2 ip4:67.220.123.212 ip4:199.193.194.38 include:47077450.spf01.hubspotemail.net include:spf.protection.outlook.com -all
strict (-all)
DMARC
v=DMARC1; p=quarantine
policy: quarantine
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAut3N1shmTkhBjLCFLoq4p3nUzzS7iRg17ym7TvN2PFtUsSlJLanOAOnZjUFHLPjhPqE/5m+4pD0R2d…
selectors probed

Certificate (current)

GlobalSign RSA OV SSL CA 2018
from 2025-10-10 to 2026-11-11
Expires in 174 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://mybmwprotection.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
no-referrer-when-downgrade
x-frame-options
DENY
permissions-policy
geolocation=(self), microphone=()
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://lptag.liveperson.net https://lpcdn.lpsnmedia.net https://static.cdn.prismic.io https://fast.wistia.com https://cdn.lr-in.com https://*.prismic.io https://prismic.io https://maps.googleapis.com https://maps-api-v3.api.js https://va.v.liveperson.net https://accdn.lpsnmedia.net https://www.googletagmanager.com https://cdn.userway.org https://www.google-analytics.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hubspot.com https://fast.wistia.com https://fast.wistia.net https://browser.sentry-cdn.com https://cdn-cookieyes.com https://cdn.jsdelivr.net/npm/browser-image-compression@2.0.2/dist/browser-image-compression.js https://*.wistia.com https://*.wistia.net;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.userway.org https://cdn-cookieyes.com;img-src 'self' data: https://fast.wistia.com https://fast.wistia.net https://embed-ssl.
strict-transport-security
Strict-Transport-Security: max-age=31536000; includeSubDomains
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin

Linked from (1)