indexo.dev

sandfleadestin.com

.com crawl

First seen 2026-06-01 · Last seen 2026-06-02 · ok HTTP/1.1 200 644 ms crawled 2026-06-02

US · 151.101.1.75 · AS54113 Fastly, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
The Sand Flea | Beach Shanty & Seafood Shack in Destin, FL
Description
An old school Beach Bar and Grill right on the beach in Sandpiper Cove on Holiday Isle. Part beach shanty, part seafood shack, all fun. Accessible to Sandpiper Cove guests and beach walk ups only.
Language
en-US
Canonical
https://www.sandfleadestin.com/

Open Graph

url
https://www.sandfleadestin.com/
title
The Sand Flea | Beach Shanty & Seafood Shack in Destin, FL
site name
The Sand Flea | Beach Shanty & Seafood Shack in Destin, FL
description
An old school Beach Bar and Grill right on the beach in Sandpiper Cove on Holiday Isle. Part beach shanty, part seafood shack, all fun. Accessible to Sandpiper Cove guests and beach walk ups only.

Technology

Analytics
  • Google Tag Manager
Fonts
  • Google Fonts
Third-party hosts loaded (13)
  • images.getbento.com×18
  • theme-assets.getbento.com×4
  • app-assets.getbento.com×3
  • assets-cdn-refresh.getbento.com×1
  • cdnjs.cloudflare.com×1
  • fonts.googleapis.com×1
  • fonts.gstatic.com×1
  • g1.ipcamlive.com×1
  • media-cdn.getbento.com×1
  • widgets.resy.com×1
  • www.google.com×1
  • www.googletagmanager.com×1
  • www.gstatic.com×1

Social

Registration

Registrar
GoDaddy.com, LLC
Created
2025-02-17
Expires
2030-02-17 1353 days left
Updated
2025-02-17
Name servers
  • ns51.domaincontrol.com
  • ns52.domaincontrol.com

DNS records live

NS
  • ns51.domaincontrol.com
  • ns52.domaincontrol.com

Email authentication no MX

SPF
not published
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

R12
from 2026-04-22 to 2026-07-21
Expires in 46 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.sandfleadestin.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • cross-origin-opener-policy
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
content-security-policy
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' * https://cdn.us.heap-api.com https://heapanalytics.com https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval'; script-src-elem * https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * https://heapanalytics.com https://viewer.threshold360.com blob: data:; style-src 'self' * https://heapanalytics.com https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval' blob:; connect-src 'self' * https://c.us.heap-api.com https://heapanalytics.com https://viewer.threshold360.com wss://viewer.threshold360.com blob:; font-src 'self' * https://heapanalytics.com https://viewer.threshold360.com data:; frame-src 'self' * https://viewer.threshold360.com; worker-src * blob:; media-src * blob: data:; frame-ancestors 'self';
strict-transport-security
max-age=2592000; includeSubDomains
cross-origin-opener-policy
same-origin

Links to (9)

Linked from (1)