indexo.dev

royalpay.eu

.eu crawl

First seen 2026-04-20 · Last seen 2026-05-10 · ok HTTP/1.1 200 1190 ms crawled 2026-05-13

CZ · 185.104.210.76 · AS209671 Qrator Labs CZ s.r.o.

Reputation 100/100

Classifying

HTML metadata

Title
Prophylaxis
Description
Prophylaxis
Language
en

Technology

Server
nginx
Fonts
  • Font Awesome

Third-party hosts loaded (1)

  • use.fontawesome.com×2

DNS records live

NS
  • sri.ns.cloudflare.com
  • zara.ns.cloudflare.com
MX
  • 1 aspmx.l.google.com
  • 10 aspmx2.googlemail.com
  • 10 aspmx3.googlemail.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
  • MS=74AB0B85F67DE69D8E29AC6DED4A22EFB6CAE6A5
  • google-site-verification=MTuGOk4U8UB76Dyd6aCQHTY7g3SmSvrl4yfbdaqYLyU

Email authentication strong

SPF
v=spf1 include:_spf.google.com include:_spf.begateway.com a ~all
softfail (~all)
DMARC
v=DMARC1; p=quarantine; rua=mailto:dc@royalpay.eu
policy: quarantine
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtxzuZim//uomLXxx9G86waH9+SAB35gWzfPi+zU9mx5BcM3ChSmIBm2AuOgKD/SjpuhPdZM9pILBd…
selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36
from 2025-11-24 to 2026-11-25
Expires in 189 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://royalpay.eu/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing content type protection
Header values
referrer-policy
same-origin
x-frame-options
SAMEORIGIN
permissions-policy
microphone=(), camera=(), autoplay=(), display-capture=()
content-security-policy
default-src 'self' https://cdnjs.cloudflare.com/ https://applepay.cdn-apple.com/ https://sandboxcheckouttoolkit.rapyd.net/ https://use.fontawesome.com https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://mc.yandex.ru https://mc.yandex.com wss://mc.yandex.ru wss://mc.yandex.com https://payment.paydmeth.com/apple-pay https://pay.google.com https://google.com/pay 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-eval'; frame-src *
strict-transport-security
max-age=31536000; includeSubDomains, max-age=63072000

Linked from (1)