indexo.dev

plusoffice.no

.no crawl

First seen 2026-06-03 · Last seen 2026-06-03 · ok HTTP/1.1 200 547 ms crawled 2026-06-03

NO · 80.239.119.16 · AS25400 Telia Norge AS

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
PlusOffice AS - Forsiden
Language
no
Generator
CMS
Canonical
https://www.plusoffice.no/
Feeds

Open Graph

url
https://www.plusoffice.no/
title
PlusOffice AS - Forsiden
locale
no_NO
site name
PlusOffice AS

Technology

Server
Apache
Analytics
  • Google Tag Manager

Third-party hosts loaded (1)

  • www.googletagmanager.com×1

Social

Contact

Email
Phone

DNS records live

NS
  • ns01.no.brand.one.com
  • ns02.no.brand.one.com
MX
  • 10 se.mx1.mailanyone.net
  • 20 se.mx2.mx25.net
  • 30 se.mx3.mailanyone.net
  • 40 plusoffice-no.mail.protection.outlook.com
  • 40 se.mx4.mx25.net
TXT
  • mandrill_verify.SsdixZVeVD97atSEH7gJyA
Verified for
  • GlobalSign
  • Google

Email authentication partial

SPF
v=spf1 include:spf.protection.outlook.com -all
strict (-all)
DMARC
v=DMARC1; p=none
policy: none (monitoring only)
DKIM
  • k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed

Certificate (current)

R12
from 2026-05-18 to 2026-08-16
Expires in 73 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://www.plusoffice.no/

present
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
base-uri 'self' ; default-src 'self' https: ; script-src 'strict-dynamic' 'nonce-ecbfde0445' https: ; img-src 'self' data: *.google.com *.google.no *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.lfeeder.com *.visitorqueue.com ; style-src 'unsafe-inline' https: ; object-src 'none' ; form-action 'self' ; frame-src 'self' *.googletagmanager.com www.youtube.com ; frame-ancestors 'none' ; font-src 'self' data: ; connect-src 'self' data: *.google-analytics.com *.google.com *.google.no *.coreai.no *.heap-api.com wss://ws-eu.pusher.com *.visitorqueue.com *.snitcher.com ;

Links to (5)

Linked from (1)