indexo.dev

spa.cz

.cz crawl

First seen 2026-05-27 · Last seen 2026-05-30 · ok HTTP/1.1 200 550 ms crawled 2026-05-30

US · 104.26.9.190 · AS13335 Cloudflare, Inc.

Reputation 89/100 weak security headers dmarc monitor-only

Classifying

HTML metadata

Title
Wellness pobyty a lázně | Spa.cz
Description
Nejkratší cesta do wellness a lázní vede přes Spa.cz. Vyberte si z více než 3 600 pobytů ten pravý a nechte se unést za odpočinkem. Zasloužíte si to!
Language
cs
Canonical
https://www.spa.cz

Open Graph

url
https://www.spa.cz/
title
Wellness pobyty a lázně
locale
cs_CZ
image:url
https://www.spa.cz/spacz/logo/og_tag.png
description
Nejkratší cesta do wellness a lázní vede přes Spa.cz. Vyberte si z více než 3 600 pobytů ten pravý a nechte se unést za odpočinkem. Zasloužíte si to!

Technology

CDN
Cloudflare
Analytics
  • Cloudflare Insights
  • Google Tag Manager
Cookie consent
  • OneTrust
Fonts
  • Google Fonts
Third-party hosts loaded (8)
  • images.static-hotel.cz×55
  • fonts.googleapis.com×2
  • www.googletagmanager.com×2
  • cdn.cookielaw.org×1
  • challenges.cloudflare.com×1
  • fonts.gstatic.com×1
  • polyfill-fastly.io×1
  • static.cloudflareinsights.com×1

Social

Contact

Email
Phone

DNS records live

NS
  • casey.ns.cloudflare.com
  • tia.ns.cloudflare.com
MX
  • 10 alt1.aspmx.l.google.com
  • 10 alt2.aspmx.l.google.com
  • 5 aspmx.l.google.com
Verified for
  • Google
  • Postman

Email authentication partial

SPF
v=spf1 a:vpn.hotel.cz mx include:_spf.google.com include:smtpx.stable.cz include:spf.smartemailing.cz ~all
softfail (~all)
DMARC
v=DMARC1; p=none; pct=100; rua=mailto:9fab54657a3c4293ab46a22e179c13ad@dmarc-reports.cloudflare.net,mailto:4d5a8moi3s@dmarc-reports.ecomailapp.com,mailto:dmarc+683401@smartemailing.cz; sp=none; aspf=r;
policy: none (monitoring only) · sp=none
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJ9QSA+XO28M9xC86ANk1nOzSx0sQeR9wgQ2YA3W1YB39jBcqEvOIwN9Lv1usj8+482wN6KNPts1T5…
selectors probed

Certificate (current)

WE1
from 2026-05-21 to 2026-08-19
Expires in 80 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.spa.cz/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src 'self'; img-src 'self' *.static-hotel.cz *.spa.cz *.hotel.cz data: blob: fonts.gstatic.com *.openstreetmap.org cdn.cookielaw.org *.wp.pl www.googletagmanager.com *.google.com *.google.cz *.google.sk *.google.de *.google.pl *.google.hu *.g.doubleclick.net *.googlesyndication.com *.gstatic.com c.seznam.cz *.facebook.com *.facebook.net bat.bing.net bat.bing.com sslwidget.criteo.com *.cloudfront.net; media-src 'self' *.static-hotel.cz *.spa.cz data:; font-src 'self' data: fonts.gstatic.com; connect-src 'self' measure.spa.cz o1097797.ingest.us.sentry.io o1097797.ingest.sentry.io app.smartemailing.cz *.seznam.cz *.criteo.com api.zuko.io www.googletagmanager.com google.com *.google.com *.google-analytics.com *.googlesyndication.com *.g.doubleclick.net *.analytics.google.com *.googleadservices.com *.google.cz *.google.sk bat.bing.com bat.bing.net *.clarity.ms *.facebook.com *.onetrust.com *.cookielaw.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.co

Links to (2)

Linked from (6)