retailstat.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 1206 ms crawled 2026-05-19

US · 104.18.4.179 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: Retail Intelligence Platform for Financial, Location & Grocery Data | RetailStat | Home
Description: RetailStat is a retail intelligence platform for financial risk, location strategy, and grocery performance, with data and insights for credit, site selection, and market analysis.
Language: en

Technology

CDN: Cloudflare
CMS: Next.js

Fonts

Google Fonts

Third-party hosts loaded (2)

fonts.googleapis.com×1
js.hs-scripts.com×1

Social

Registration

Registrar

GoDaddy.com, LLC

Created

2017-05-17

Expires

2029-05-17 1092 days left

Updated

2025-05-15

Name servers

boyd.ns.cloudflare.com
zita.ns.cloudflare.com

DNS records live

NS

boyd.ns.cloudflare.com
zita.ns.cloudflare.com

MX

10 d309769b.ess.barracudanetworks.com
5 d309769a.ess.barracudanetworks.com

TXT

knowbe4-site-verification=41cdd6dfa82b1e3ffe9117e362aa4d3b
linkedin-site-verification=ac226cd7-50d6-4d2a-be7e-03a65e01fb84
sinch-domain-verification=25c55a95-ed5d-4c49-893e-875f937dc076

Verified for

Anthropic
Apple
DocuSign
Google
Microsoft 365
OpenAI

Email authentication strong

SPF

v=spf1 include:mailgun.org include:spf.protection.outlook.com include:spf.ess.barracudanetworks.com include:20543635.spf01.hubspotemail.net include:_spf.salesforce.com ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; fo=1; rua=mailto:rua+retailstat.com@dmarc.barracudanetworks.com; ruf=mailto:ruf+retailstat.com@dmarc.barracudanetworks.com

policy: reject (enforced)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA99wfnsA0Z1p9to8cMPNR/DXkfWR6wrFvro7iV/iT50g1qM8K0dCqE81gs0/244u9md7fCDlmMUbq3t…

selectors probed

Certificate (current)

WE1

from 2026-05-08 to 2026-08-06

Expires in 77 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://retailstat.com/

present

strict-transport-security
content-security-policy
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' https://*.google.com https://*.hubspot.com https://*.hsforms.com https://*.hscollectedforms.net 'nonce-63708a2c-0f8e-4074-a066-45c58713aef7' 'strict-dynamic'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://sso.retailstat.com https://rs-api.retailstat.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hubspot.com https://*.hsforms.com https://*.hscollectedforms.net; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://rs-api.retailstat.com https://*.hubspot.com https://*.hsforms.com; media-src 'self' https://rs-api.retailstat.com; worker-src 'self' blob:; frame-src 'self' https://sso.retailstat.com https://www.google.com; frame-ancestors 'none'; form-action 'self'
strict-transport-security: max-age=15552000; includeSubDomains; preload

Links to (2)

google.com×3
linkedin.com×3

Linked from (1)

crfonline.org×3