indexo.dev

stream.co

.co crawl

First seen 2026-05-10 · Last seen 2026-05-16 · ok HTTP/1.1 200 3933 ms crawled 2026-05-16

US · 104.18.26.201 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Stream (Wagestream) | Financial Wellbeing for Employees
Description
Stream’s financial wellbeing platform offers early pay, savings, budgeting and coaching to reduce employee stress and boost productivity for UK employers.
Language
en
Canonical
https://stream.co/en

Open Graph

url
https://stream.co/en
title
Stream (Wagestream) | Financial Wellbeing for Employees
site name
Stream
description
Stream’s financial wellbeing platform offers early pay, savings, budgeting and coaching to reduce employee stress and boost productivity for UK employers.

Technology

CDN
Cloudflare
CMS
Next.js
Analytics
  • Cloudflare Insights

Third-party hosts loaded (2)

  • acsbapp.com×1
  • static.cloudflareinsights.com×1

Social

DNS records live

NS
  • candy.ns.cloudflare.com
  • gabriel.ns.cloudflare.com
MX
  • 1 smtp.google.com
TXT
Show 21 TXT records
  • ZOOM_verify_WteKLU1EwADT0uncmeSxNV
  • MS=ms25158852
  • anthropic-domain-verification-rtqthk=IRnJ4mPe4WSaABC5C9dX4NUy9
  • _0yjuuxajxeg5rmqxqfxmdl6nl9pm94n
  • openai-domain-verification=dv-UlUwlSAjQVri9EwuNAromU5N
  • yahoo-verification-key=sd4bHgU0muLC40T7JpNin0qs48HBgK4FUiaF8lFL+OM=
  • google-site-verification=2eyd9OoTpREcnBnYN_bHKsHS5WOfd16EXKaxnE9ZMvg
  • google-site-verification=aJOwXcFvkREl02D4XEqa3JUUc-3YjBJOAUJk4-RRW3o
  • cursor-domain-verification-kmwaan=SdPURhWTkLUn94rHhBVmUQIr9
  • 1password-site-verification=XVREFK73I5FZHIHBQ537YZKZR4
  • twilio-domain-verification=84806faa2c8fb4a3bc521e75e8182cb5
  • 7aa83af6-1ab7-46c8-8098-949f696e3a52
  • faf0f8e3-2355-414a-b779-41d2fd750c13
  • a97aedf8ea5716ab4174a80b2aa74d5c
  • hibp-verify=dweb_w79dvvljmni70dsffaf21nbd
  • TAILSCALE-AxRyN8UnR9lBBgzfYbgm
  • google-site-verification=uzYM9mHianSi3vWsWPNtz_YwTFU32-uNvSJgR2599dk
  • box-domain-verification=17866dcad23ed825de5e4790cb47be080ecdf8bcb757e2500315a859afedf6b5
  • atlassian-domain-verification=sWKLRuxnP8hOs/eW+pvI/hlxxXXgAhHDBLa6oq3L00b6glEnJHtvC/SZ2w/cdkSO
  • apple-domain-verification=v1aArxy1B0NpcF3nIvDwb6j75lyYBiyl2I96kFnY3X0
  • knowbe4-site-verification=f0bec1ad23f216f422541818c38db6d6

Email authentication strong

SPF
v=spf1 include:_spf.google.com ~all
softfail (~all)
DMARC
v=DMARC1; p=reject; rua=mailto:dmarc@fahckgkw.uriports.com; ruf=mailto:dmarc@fahckgkw.uriports.com; fo=1:d:s
policy: reject (enforced)
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgjcfzX1ZRZZjISamxWpzqYqwl+I80VUibzPNUUA0RuPEY8va25q80niJh4954b/wufPOYRz0yiUq9…
selectors probed

Certificate (current)

E8
from 2026-05-04 to 2026-08-02
Expires in 74 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://stream.co/en

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
camera=(), microphone=(), geolocation=(), interest-cohort=()
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.google-analytics.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hubspot.com https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hs-banner.com https://static.cloudflareinsights.com https://acsbapp.com https://js.stripe.com https://*.hcaptcha.com https://*.wistia.com https://*.wistia.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com blob: https://*.wistia.com; img-src 'self' data: blob: https://stream.co https://www.googletagmanager.com https://*.google-analytics.com https://*.stripe.com https://*.hsforms.com https://www.gravatar.com https://*.wistia.com https://*.wistia.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://api2.wagestream.xyz https://api.wagestream.xyz https://www.googletagmanager.com https://*.google-analytics.com https://an
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin

Links to (12)