ngatikoata.com

.com ok HTTP/1.1 200 423 ms

First seen 2026-06-04 · Last seen 2026-06-18 · crawled 2026-06-18

US · 216.150.1.1 · AS16509 Amazon.com, Inc.

Reputation 92/100 no dmarc policy

sector nonprofit subsector community association type homepage

HTML metadata

Title

Ngāti Koata

Description

Te pae tukutuku o Ngāti Koata - The digital home of Ngāti Koata iwi. Ko Ngāti Koata te iwi, ko Te Tauihu o Te Waka a Māui te rohe.

Language

Canonical

https://ngatikoata.com

Translations

Open Graph

url: https://ngatikoata.com
title: Ngāti Koata
locale: mi_NZ
site name: Ngāti Koata
description: Te pae tukutuku o Ngāti Koata - The digital home of Ngāti Koata iwi
locale:alternate: en_NZ

Technology

CDN: Vercel
CMS: Next.js

Registration

Registrar

GoDaddy.com, LLC

Created

2015-08-25

Expires

2026-08-25 66 days left

Updated

2026-05-11

Name servers

ns45.domaincontrol.com
ns46.domaincontrol.com

DNS records live

NS

ns45.domaincontrol.com
ns46.domaincontrol.com

MX

0 ngatikoata-com.mail.protection.outlook.com

TXT

MS=D0999A413DF567B39C7DC5A6B3CBB156B9C8B6B0

Verified for

Google
Microsoft 365

Email authentication weak

SPF: v=spf1 include:spf.protection.outlook.com include:spf.mailjet.com -all
strict (-all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

YR2

from 2026-05-31 to 2026-08-29

Expires in 70 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://ngatikoata.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: DENY
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://js.stripe.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://koata-database.decentralize.nz https://*.supabase.co https://img.youtube.com https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://*.tile.openstreetmap.org https://server.arcgisonline.com https://*.stripe.com https://*.sharepoint.com https://*.svc.ms https://*.sharepointonline.com data: blob:; connect-src 'self' https://koata-database.decentralize.nz wss://koata-database.decentralize.nz https://*.supabase.co https://maps.googleapis.com https://places.googleapis.com https://js.stripe.com https://challenges.cloudflare.com https://login.microsoftonline.com https://*.mailchimp.com; frame-src 'self' blob: https://www.youtube.com https://js.stripe.com https://challenges.cloudflare.c
strict-transport-security: max-age=31536000; includeSubDomains; preload

Linked from (1)

hivepass.app×2

Use this data via API

Everything on this page for ngatikoata.com is available as JSON from the indexo.dev REST & MCP API.

curl "https://indexo.dev/api/v1/domains/ngatikoata.com" \
  -H "X-API-Key: idx_..."

Read the docs & get a free key →

Add a badge to your site

Own ngatikoata.com? Show it's tracked on indexo.dev and link visitors straight to this page.

<a href="https://indexo.dev/ngatikoata.com" target="_blank" rel="noopener">
  <img src="https://indexo.dev/ngatikoata.com/badge.svg" alt="indexo.dev — ngatikoata.com">
</a>