oldspice.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-15 · ok HTTP/1.1 200 3196 ms crawled 2026-05-07

US · 63.141.128.12 · AS399566 Bigcommerce Inc.

Reputation 100/100

Classifying

HTML metadata

Title: Old Spice | Official Site
Description: Old Spice antiperspirant, deodorant, body wash, hair and beard care. We make a ton of great things designed for men, loved by everyone.
Language: en
Canonical: https://oldspice.com/

Technology

CDN: Cloudflare

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (6)

cdn11.bigcommerce.com×24
ajax.googleapis.com×3
fonts.googleapis.com×2
fonts.gstatic.com×1
www.googletagmanager.com×1
www.lightboxcdn.com×1

Registration

Registrar

CSC Corporate Domains, Inc.

Created

1995-08-02

Expires

2026-08-01 73 days left

Updated

2025-07-28

Name servers

ns1-02.azure-dns.com
ns2-02.azure-dns.net
ns3-02.azure-dns.org
ns4-02.azure-dns.info

DNS records live

NS

ns1-02.azure-dns.com
ns2-02.azure-dns.net
ns3-02.azure-dns.org
ns4-02.azure-dns.info

TXT

Show 4 TXT records

google-site-verification=M6Iaq7fh5zL2pwzjI_wcZRNp2SRdn948WPw5KjNRwgU
google-site-verification=9NAjThP5RIr-flaSjcz8RrAvErQJHkeaKelwoeEUCf8
facebook-domain-verification=kkpujmm0v0ojhd060t9byn8wjarwbv
google-site-verification=sQYGG0-jNKrV9bGvbqKvDfkSgBD8gjka0cnIy4O4DH4

Email authentication no MX

SPF

v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; rua=mailto:dmarc_agg@vali.email; ruf=mailto:MTY1NjYw@ruf.vali.email; fo=1; ri=3600

policy: reject (enforced)

DKIM

s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAny0Ggc+08vwyE10ZawTRa2yerdsf0kXePfcwA9SjJo0f4SSbfC0+upbASO3qhxeY6aAAOi9j64mmMna3n2…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDldsOMoq9EVLcZguMAMoQRSfJh1JnQDdXA+RYdULYYyVqcgrRPg725IRgPwFCmplEELN9SU85xJhpJKsPfM4037n…

selectors probed

Certificate (current)

Sectigo Public Server Authentication CA OV R40

from 2025-09-21 to 2026-10-22

Expires in 155 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://oldspice.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: sameorigin
x-content-type-options: nosniff
content-security-policy: script-src *.bigcommerce.com *.dynatrace.com *.youtube.com *.gstatic.com *.google.com *.betrad.com *.klaviyo.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.net *.facebook.com *.google.com *.addthis.com *.addthisedge.com *.devcloudsoftware.com *.braintreegateway.com *.googletagmanager.com *.go2cloud.org *.agkn.com *.online-metrix.net *.s3.amazonaws.com vjs.zencdn.net *.instagram.com *.paypalobjects.com *.paypal.com *.referralcandy.com *.pinimg.com *.adsrvr.org *.addrexx10.com *.googleadservices.com *.agkn.com *.crazyegg.com *.doubleclick.net *.amazonaws.com *.lightboxcdn.com *.moatads.com *.bazaarvoice.com *.jquery.com *.cookielaw.org *.retentionscience.com *.azurewebsites.net *.privy.com *.cloudfront.net *.segment.com *.lytics.io *.click2cart.com static.smartcommerce.co pghub.io de-grafana-agent-prod.pg.com unpkg.com api.ipify.org analytics.tiktok.com js.jebbit.com cdn.rudderlabs.com app.bubblehouse.com https://edge.curalate.com 'self' '
strict-transport-security: max-age=31536000; includeSubDomains; preload

Links to (1)

pg.com×2