indexo.dev

nivea.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-12 · ok HTTP/1.1 200 2480 ms crawled 2026-05-08

US · 104.210.154.101 · AS8075 Microsoft Corporation

Reputation 95/100 weak security headers

sector beauty type homepage

HTML metadata

Title
WELCOME TO NIVEA
Description
Overview of all NIVEA websites around the world. Please choose your country.
Language
en-JM
Canonical
https://www.nivea.com

Open Graph

title
WELCOME TO NIVEA

Technology

CDN
Azure Front Door

Third-party hosts loaded (1)

  • tm-eu.beiersdorf.com×2

Registration

Registrar
CSC Corporate Domains, Inc.
Created
1997-03-18
Expires
2027-03-19 303 days left
Updated
2026-03-15
Name servers
  • ns1.netnames.net
  • ns2.netnames.net
  • ns5.netnames.net
  • ns6.netnames.net

DNS records live

NS
  • ns1.netnames.net
  • ns2.netnames.net
  • ns5.netnames.net
  • ns6.netnames.net
MX
  • 20 nivea-com.mail.protection.outlook.com
TXT
Show 8 TXT records
  • google-site-verification=qP1wZoGFHeVFH11rabRKRIUDSFNc39mI9fIPFwjM2_s
  • google-site-verification=qWQEduR07IIwOJDskE_ddxnjyyqQ8wXJWVfKEuy8uJg
  • y6Jr2w3EVHhZma27TqE9gqZWtohPvAtbyMyv1EquSIgYS5cPLZR0GOPNL1DU5QXQEUAUMGfel4mIJQvEc5I8+w==
  • 00D0E000000HM24=1TB9K0000000OlV;00D5r0000004hvC=1TBFg0000002hGz;00D5t0000004g03=1TB9b0000000Kef;00D2p000000PTrC=1TBcz00000000t0
  • MS=ms59494652
  • security_contact=https://soc.beiersdorf.com
  • security_contact=mailto:security@beiersdorf.com
  • google-site-verification=gOqUK2NHjbyG2UJKnu6hUyk1rvH65JIlbzQ-tLOJzUA

Email authentication strong

SPF
v=spf1 include:spf.protection.outlook.com include:spf.mailjet.com -all
strict (-all)
DMARC
v=DMARC1; p=reject; fo=1; rua=mailto:beiersdorf@rua.agari.com; ruf=mailto:beiersdorf@ruf.agari.com
policy: reject (enforced)
DKIM
no key found at common selectors

Certificate (current)

R13
from 2026-04-07 to 2026-07-06
Expires in 48 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://www.nivea.com/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https:

Links to (10)

Linked from (2)