indexo.dev

nivea-afrique.com

.com crawl

First seen 2026-04-17 · Last seen 2026-05-12 · ok HTTP/1.1 200 2043 ms crawled 2026-05-12

US · 104.210.154.101 · AS8075 Microsoft Corporation

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
NIVEA
Description
Welcome to the NIVEA Website! We offer you great tips and exciting opportunities related to the loved skincare products by NIVEA.
Language
fr-CEWA
Canonical
https://www.nivea-afrique.com

Open Graph

title
NIVEA
description
Bienvenue sur le site de NIVEA ! Découvrez nos produits cosmétiques pour le visage et le corps, et bénéficiez de conseils dédiés au soin de la peau.

Technology

CDN
Azure Front Door
Analytics
  • Google Analytics
  • Google Tag Manager
Ads
  • Google Ads (DoubleClick)
  • Meta Pixel
Third-party hosts loaded (12)
  • img.nivea.com×14
  • www.googletagmanager.com×4
  • cdn.bunchbox.co×1
  • cdn.consentmanager.mgr.consensu.org×1
  • connect.facebook.net×1
  • consentmanager.mgr.consensu.org×1
  • googleads.g.doubleclick.net×1
  • s2.adform.net×1
  • stats.g.doubleclick.net×1
  • track.adform.net×1
  • www.facebook.com×1
  • www.google-analytics.com×1

Social

Registration

Registrar
CSC Corporate Domains, Inc.
Created
2019-07-09
Expires
2026-07-09 50 days left
Updated
2025-07-05
Name servers
  • dns1.cscdns.net
  • dns2.cscdns.net

DNS records live

NS
  • dns1.cscdns.net
  • dns2.cscdns.net
MX
  • 10 custmx.cscdns.net
TXT
  • google-site-verification=1Up38KusY_95LdC6o72gHPpjrxX5LKioXO-jLMEmKqs
  • google-site-verification=2FwX7egP7D7TOwST3r_HkmdVlBbHp5Lbhh2J89oNsKw

Email authentication strong

SPF
v=spf1 -all
strict (-all)
DMARC
v=DMARC1; p=reject; fo=1; rua=mailto:beiersdorf@rua.agari.com; ruf=mailto:beiersdorf@ruf.agari.com
policy: reject (enforced)
DKIM
no key found at common selectors

Certificate (current)

R13
from 2026-04-07 to 2026-07-06
Expires in 47 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://www.nivea-afrique.com/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https:

Links to (3)

Linked from (1)