indexo.dev

sepaesp.es

.es crawl

First seen 2026-04-21 · Last seen 2026-05-14 · ok HTTP/1.1 200 1245 ms crawled 2026-05-14

ES · 77.73.203.48 · AS20905 Banco de Espana

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
SEPA (Single Euro Payments Area)
Description
Inicio
Language
es

Social

DNS records live

NS
  • a1-96.akam.net
  • a10-67.akam.net
  • a13-64.akam.net
  • a28-66.akam.net
  • a3-64.akam.net
  • a6-64.akam.net
MX
  • 0 sepaesp-es.mail.eo.outlook.com

Email authentication weak

SPF
v=spf1 include:outlook.com ~all
softfail (~all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

Entrust OV TLS Issuing RSA CA 1
from 2025-05-07 to 2026-06-07
Expires in 19 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.sepaesp.es/sepa/es/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(*),fullscreen=(*),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=(),xr-spatial-tracking=()
x-content-type-options
nosniff
content-security-policy
default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly *.genially.com fonts.googleapis.com *.gstatic.com *.ex.co *.spotifycdn.com content.powerapps.com *.dwcdn.net 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com *.adobedtm.com *.piwik.pro *.2o7.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly *.genially.com d3usyxos00s4ty.cloudfront.net 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.jsdelivr.net *.spotifycdn.com open.spotify.com *.dwcdn.net blob:; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com *.adobedtm.com *.piwik.pro *.2o7.net img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.genially.com *.playbuzz.com *.ex.co *.spotifycdn.com *.flourish.studio data: blob:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com re
strict-transport-security
max-age=31536000; includeSubDomains

Links to (3)

Linked from (1)