norteapp.io

.io crawl

First seen 2026-04-19 · Last seen 2026-05-11 · ok HTTP/1.1 200 1963 ms crawled 2026-05-13

US · 216.198.79.1 · AS16509 Amazon.com, Inc.

Reputation 100/100

sector finance type landing page

HTML metadata

Title: Find $2,000+ in Hidden Card Benefits | Norte
Description: Your cards include benefits worth $2,000+ -- coverage, perks, and protections you're probably not using. See everything in one place. Free, privacy-first.
Language: en

Open Graph

url: https://norteapp.io
title: Your Credit Card Has $2,000+ in Hidden Benefits | Norte
description: See every benefit, perk, and protection your cards already include. Stop paying for what you have.

Technology

CDN: Vercel

Analytics

Google Tag Manager

Ads

Meta Pixel

Third-party hosts loaded (3)

menavfvqiamggxovuyfs.supabase.co×2
connect.facebook.net×1
www.googletagmanager.com×1

DNS records live

NS

ns-cloud-d1.googledomains.com
ns-cloud-d2.googledomains.com
ns-cloud-d3.googledomains.com
ns-cloud-d4.googledomains.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

google-site-verification=9_AHON52q7kMlO0YvUvOaPhV_earF6U5G4D_rnlWnyw
google-site-verification=-QYiHCqVu9ddITcyPr47pE7y_8BJgatT-wfdvw7fFBc
brevo-code:4ec342e00ee8ca27358067d021347996

Email authentication strong

SPF

v=spf1 include:_spf.google.com include:servers.mcsv.net ~all

softfail (~all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:security@norteapp.io

policy: quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwf5hKp5DKpW6++5MuzEiFDzyZyEtlxSUMDcTN7W1oRdpd7qgIaVwieY3CSOPajuh8IGIvtYnhwXErf…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

R12

from 2026-05-09 to 2026-08-07

Expires in 80 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://norteapp.io/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: DENY
permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' https://www.googletagmanager.com https://connect.facebook.net https://www.redditstatic.com https://alb.reddit.com https://analytics.tiktok.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https: data: blob:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' https://*.norteapp.io https://*.supabase.co wss://*.supabase.co https://*.supabase.in wss://*.supabase.in https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com https://www.facebook.com https://pixel.reddit.com https://pixel-config.reddit.com https://alb.reddit.com https://analytics.tiktok.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests
strict-transport-security: max-age=31536000; includeSubDomains; preload

Linked from (2)

websurl.com×1
listyourtool.com×1