indexo.dev

prepass.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 2876 ms crawled 2026-05-19

US · 104.26.8.22 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Trusted weigh station bypassing, toll payments, trucking software - PrePass
Description
PrePass is North America’s most comprehensive and widely used weigh station bypass, and toll payment service.
Language
en-US
Generator
Site Kit by Google 1.178.0
Canonical
https://prepass.com/
Feeds

Open Graph

url
https://prepass.com/
title
Trusted weigh station bypassing, toll payments, trucking software - PrePass
locale
en_US
site name
PrePass
description
PrePass is North America’s most comprehensive and widely used weigh station bypass, and toll payment service.
updated time
2026-03-26T00:36:35-06:00

Technology

CDN
Cloudflare
CMS
WordPress
Analytics
  • Google Tag Manager
  • Hotjar
Cookie consent
  • OneTrust
Fonts
  • Google Fonts
Third-party hosts loaded (10)
  • fonts.googleapis.com×5
  • cdn.cookielaw.org×3
  • www.googletagmanager.com×3
  • a.opmnstr.com×2
  • fonts.gstatic.com×2
  • widget.trustpilot.com×2
  • embed.navu.co×1
  • gmpg.org×1
  • munchkin.marketo.net×1
  • static.hotjar.com×1

Social

Contact

Phone
Address
road experience.trustpilot-svg.s0 { fill: #04da8d } .s1 { fill: #12684

Registration

Registrar
GoDaddy.com, LLC
Created
1998-12-07
Expires
2033-12-06 2757 days left
Updated
2024-09-09
Name servers
  • luke.ns.cloudflare.com
  • robin.ns.cloudflare.com

DNS records live

NS
  • luke.ns.cloudflare.com
  • robin.ns.cloudflare.com
MX
  • 10 prepass-com.mail.protection.outlook.com
TXT
Show 18 TXT records
  • postman-domain-verification=84a12629cb0306aaa968e32462ab3487cff35a77496be2c49115548b684a815be3ec120ed37d579d76a081120e2f4df01abee73770355ce7ae2967b3177d44a1
  • teamviewer-sso-verification=a748276749c544a09b077774fba61d8c
  • atlassian-domain-verification=Sr78ySva0pC6CEETNu4Pi7ViDnXnJreOcW09IYdiHQUTtz6gcYZzPOcsAuio8yG3
  • cursor-domain-verification-w3159p=uWZY92piRZX1qeK4FyEkkIwOy
  • mixpanel-domain-verify=525331ae-1400-4e67-bec9-b9ea5a41d216
  • globalsign-domain-verification=P-_globalsign-domain-verification=gRZ1FQd9cblZsAn-S3wUiwLGE9issmctT-0jt4K_xK
  • google-site-verification=X7yuECv5zkSnCg5qATy1H9uNrk08Z0pTJJ73GAVNW40
  • jetbrains-domain-verification=8v82krfwhmxu37j0i4cp34zzq
  • 68d4808e-8467-4214-b00f-41d616b31803
  • google-site-verification=S6f_TAwzjOJmGhG-I3cCvcEExNJ5VFTYOGN_oBeA-qY
  • openai-domain-verification=dv-gDz5cIZ9rAMDdFX8cIj2CiR7
  • anthropic-domain-verification-ghb8rk=mnYZ6Qir85khFxZuKydEaZuxT
  • docker-verification=01570f11-47ca-42ad-b8e8-17549c5f6b54
  • apple-domain-verification=WPLFgl3pj5DT7Fc0
  • Mosyle-verification-code=902879112528
  • MS=ms31715620
  • knowbe4-site-verification=0c38cc7d19993fbf12ddecf5ddddece0
  • launchdarkly-domain-verification=17a71563-e811-4299-aff5-86563998aae5

Email authentication partial

SPF
v=spf1 mx ip4:8.41.31.194 ip4:174.47.183.128/25 include:spf.protection.outlook.com include:mktomail.com -all
strict (-all)
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSXNhqsMExZDDstfrB48s/Dja7iULj/d7S5nSeCXfaLWLolBfu1fkkfTuPcuKtGATFu0dSbWyYQ3ka4dgPwZ…
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy80mwxwULljWpvcydJJ7PmjUjDhEfWvzWb3tIaVHxq3BIBjqfDBTMpB62zdBtb9xKf0u1KWEXP+zhnu7lK…
  • s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwg+Tprr8IzFSRBnU5MtZF0r3myh+8h7ukJvQKbseOS0nFYmTa7zt+TEQzsaeI2WMsoOfPU28mimRPv3Cm…
selectors probed

Certificate (current)

WE1
from 2026-04-16 to 2026-07-15
Expires in 56 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://prepass.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(self "https://www.youtube.com" "https://www.youtube-nocookie.com"), ambient-light-sensor=(), autoplay=(self "https://www.youtube.com" "https://www.youtube-nocookie.com"), battery=(), bluetooth=(), browsing-topics=(), camera=(), clipboard-read=(), clipboard-write=(self), display-capture=(), encrypted-media=(self "https://www.youtube.com" "https://www.youtube-nocookie.com"), fullscreen=(self "https://www.youtube.com" "https://www.youtube-nocookie.com"), gamepad=(), geolocation=(), gyroscope=(self "https://www.youtube.com" "https://www.youtube-nocookie.com"), hid=(), identity-credentials-get=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self "https://www.youtube.com" "https://www.youtube-nocookie.com"), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), usb=(), web-share=(), window-manage
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; style-src-elem 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss:; frame-src 'self' https:; media-src 'self' https: blob:; worker-src 'self' blob:; child-src 'self' https: blob:; form-action 'self' https://pages.prepass.com https://*.marketo.com https://*.mktoweb.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests
strict-transport-security
max-age=15552000; includeSubDomains

Links to (5)

Linked from (14)