surrenne.com

.com crawl

First seen 2026-04-22 · Last seen 2026-05-16 · ok HTTP/1.1 200 3057 ms crawled 2026-05-15

SE · 217.114.94.2 · AS30811 Optimizely AB

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title: Surrenne: Luxury Longevity & Wellbeing Club
Description: Step into a new era of experiential wellbeing at Surrenne. Elevate mind, body and soul to new heights at our luxury spa and health club.
Language: en
Canonical: https://www.surrenne.com/en

Open Graph

url: https://www.surrenne.com/en
title: Surrenne: Luxury Longevity & Wellbeing Club
locale: en
description: Step into a new era of experiential wellbeing at Surrenne. Elevate mind, body and soul to new heights at our luxury spa and health club.

Technology

CDN: Azure Front Door
CMS: Next.js

Analytics

Google Tag Manager

Third-party hosts loaded (7)

library.maybourne.com×19
cdn.maybourne.com×5
www.googletagmanager.com×2
cdn.decibelinsight.net×1
cookie-cdn.cookiepro.com×1
eu.engage.app×1
wsv3cdn.audioeye.com×1

Social

Registration

Registrar

CSC Corporate Domains, Inc.

Created

2000-09-05

Expires

2026-09-05 108 days left

Updated

2025-09-01

Name servers

dns1.cscdns.net
dns2.cscdns.net

DNS records live

NS

dns1.cscdns.net
dns2.cscdns.net

MX

10 maybourne-uk-sg1.maybourne.com
10 shw136.livertonsecurity.com

TXT

Show 7 TXT records

google-site-verification=jZBTwAr47Kvhc5RAkfzLnLZb1NUXLwkwPlbgMeTqNk4
stripe-verification=083F6C403308D59CD1510B4416941B42BC5F2289A1C00419663AA537440B26AA
atlassian-domain-verification=j4rFFk8gLmWCLQuIoQDjzMZKtTrb4UUd15UR5/z8Tq0fBXZbbIIvB0wxsptiTJjR
MS=ms65049883
dpt4sa7s3rv4opesh3t0sfqlf2
apple-domain-verification=hE2hlJOBi1mIXdcg
amazonses:KKJb0ha+vU0rq5PKLeDiP1E07Ul/q4fQqYN3T7VrRqY=

Email authentication strong

SPF

v=spf1 include:_spf.surrenne_com._d.easydmarc.pro ~all

softfail (~all)

DMARC

v=DMARC1;p=reject;sp=reject;pct=100;rua=mailto:ef5263bc77@rua.easydmarc.eu;ruf=mailto:ef5263bc77@ruf.easydmarc.eu;ri=86400;aspf=r;adkim=r;fo=1

policy: reject (enforced) · sp=reject

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAsxF21SmnfHNHR7oup9N+XqBe5a1ySiF/r2qpsqy4FTZG673lgnkmNWCPYVsKaPiRX6gdmi5wciFS…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5uXbXJ83voyRg3p+rVdZBG8szLWtO5gc12ISNdKuM6sN+FIzLdfxYJytf4mmrZmpj7efsUkZ+dghNwkp0b…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGCkDoVv60zCvn0oea/IyGJ+ng5tRvdof4hg0ys9v28xcT8hLhwKVDv1cGUfRJuMDmLC17FlxYX9afgjsc…

selectors probed

Certificate (current)

Go Daddy Secure Certificate Authority - G2

from 2025-10-10 to 2026-10-31

Expires in 165 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://www.surrenne.com/en

present

content-security-policy

findings

missing HSTS
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: script-src 'nonce-YzYxNTFlMjUtMDNi' 'nonce-YzYxNTFlMjUtMDNi' 'unsafe-eval' newbooking.azds.com *.kouto.co *.stripe.com *.imagekit.io *.googleapis.com js.monitor.azure.com www.youtube.com 'strict-dynamic'; base-uri 'none'; object-src 'none'