indexo.dev

sunrise-spa.eu

.eu crawl

First seen 2026-05-30 · Last seen 2026-05-30 · ok HTTP/1.1 200 208 ms crawled 2026-05-31

NL · 165.22.192.215 · AS14061 DigitalOcean, LLC

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Sunrise Spas Europe
Description
Sunrise Spas Europe
Language
nl

Open Graph

title
Sunrise Spas Europe
locale
nl_NL
site name
Sunrise Spas Europe
description
Sunrise Spas Europe

Technology

Server
Apache
CMS
Gatsby
jQuery
1.7.1 known XSS (<3.5)
Stack
PHP
Analytics
  • Google Tag Manager

Third-party hosts loaded (1)

  • www.googletagmanager.com×2

DNS records live

NS
  • xns1.i-aspect-infra.nl
  • xns2.i-aspect-infra.nl
MX
  • 0 sunrise-spa.eu
Verified for
  • Google

Email authentication weak

SPF
v=spf1 +a +mx +ip4:165.22.192.215 +include:spf.crossretail.nl ~all
softfail (~all)
DMARC
not published
DKIM
  • default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5oZS/mAB8QSzAwei9SJG9Ytw/xlvWsV4t1CtWwtkTzDo5eOB8zKE5Qu5VC6rBN8n5sPF9pLKfU/9fz…
selectors probed

Certificate (current)

R12
from 2026-04-13 to 2026-07-12
Expires in 41 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://sunrise-spa.eu/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src wss://localhost:3000 https: 'unsafe-inline' 'unsafe-eval' http: 'unsafe-inline' 'unsafe-eval' *.tawk.to wss://*.tawk.to; object-src 'self'; img-src 'self' data: http: https:; media-src http: https:; font-src 'self' data: https:
strict-transport-security
max-age=600

Links to (3)

Linked from (1)