indexo.dev

tfwa.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-13 · ok HTTP/1.1 200 1240 ms crawled 2026-05-08

FR · 213.218.144.18 · AS8304 Ecritel SASU

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Tax Free World Association
Description
TFWA is an association of brands, whose mission is to identify trends and opportunities, build awareness and provide a business platform for the global duty free and travel retail industry to prosper.
Language
en
Generator
Drupal 11 (https://www.drupal.org)
Canonical
https://www.tfwa.com/

Open Graph

url
https://www.tfwa.com/homepage
title
Tax Free World Association
site name
TFWA
description
TFWA is an association of brands, whose mission is to identify trends and opportunities, build awareness and provide a business platform for the global duty free and travel retail industry to prosper.

Technology

Server
Apache
CMS
Drupal
Fonts
  • Adobe Fonts

Third-party hosts loaded (1)

  • use.typekit.net×1

Social

Contact

Address
rue Cambacérès, 75008

Registration

Registrar
Gandi SAS
Created
1997-08-21
Expires
2026-08-20 93 days left
Updated
2025-07-20
Name servers
  • ns-a.ecritel.com
  • ns-a.ecritel.fr
  • ns-b.ecritel.com
  • ns-b.ecritel.fr

DNS records live

NS
  • ns-a.ecritel.com
  • ns-a.ecritel.fr
  • ns-b.ecritel.com
  • ns-b.ecritel.fr
MX
  • 10 tfwa-com.mail.protection.outlook.com
TXT
Show 10 TXT records
  • globalsign-domain-verification=lG1BEieyXS7MpoMnvgVes-RupdAmk3l2cKdnRCtyia
  • globalsign-domain-verification=x-smnTMMpqpJYAulJDJ0gE46al_1y1_UysXCSwh-54
  • MS=ms14908028
  • globalsign-domain-verification=hkUTg-SuK15kJVmNa-jHSaEtqpVfwFUC_9o5kcBihk
  • Sendinblue-code:12e11223ec28a8899808cb9faabf2daf
  • brevo-code:12e11223ec28a8899808cb9faabf2daf
  • globalsign-domain-verification=llhhre8iV2GdqJnNO3aZzepWFWCeU-UXWdb5EWpeah
  • globalsign-domain-verification=g-jRSPgmWljqU-GuVyzwH8-VEyh6HWjOSzOTW1e4Si
  • MS=ms66428943
  • globalsign-domain-verification=g16uUETj0sQqeOJefX5whAbpqSP1amBVEoxE3t5xIj

Email authentication partial

SPF
v=spf1 ip4:213.218.144.18 ip4:37.59.165.128/28 ip4:178.32.76.96/27 ip4:178.32.156.0/27 ip4:176.31.229.207 ip4:37.59.77.144/28 ip4:178.32.156.0/27 ip4:5.196.251.96/27 ip4:5.135.85.144/28 ip4:149.7.101.48/29 ip4:62.210.8.70/32 ip4:163.172.121.161/32 ip4:163.172.125.222/32 ip4:163.172.196.233/32 ip4:163.172.195.134/32 ip4:163.172.196.85/32 ip4:163.172.225.66/32 ip4:163.172.224.77/32 include:spf.protection.outlook.com ~all
softfail (~all)
DMARC
v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.com
policy: none (monitoring only)
DKIM
  • mail: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2…
selectors probed

Certificate (current)

GlobalSign RSA OV SSL CA 2018
from 2026-04-27 to 2026-11-12
Expires in 177 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.tfwa.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
autoplay=self, fullscreen=self, sync-xhr=self
x-content-type-options
nosniff
content-security-policy
default-src 'self' www.youtube.com i.ytimg.com www.youtube-nocookie.com *.twitter.com *.x.com unpkg.com static.doubleclick.net data: *.openstreetmap.org www.google.com ckeditor.com fonts.googleapis.com fonts.gstatic.com static.addtoany.com www.googletagmanager.com *.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net player.vimeo.com i.vimeocdn.com www.google.fr *.dailymotion.com *.dmcdn.net www.tfwa.com www.tfwa365.com tfwa365.matomo.cloud *.typekit.net analytics.google.com www.gstatic.com cdnjs.cloudflare.com www.google.fr www.google.it td.doubleclick.net www.instagram.com www.facebook.com www.linkedin.com www.multivu.com www.tiktok.com tfwa.bnetwork.com public.flourish.studio flo.uri.sh; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com i.ytimg.com www.youtube-nocookie.com *.twitter.com *.x.com unpkg.com static.doubleclick.net data: *.openstreetmap.org www.google.com ckeditor.com fonts.googleapis.com fonts.gstatic.com static.addtoany.com w
strict-transport-security
max-age=2592000; includeSubDomains

Links to (5)

Linked from (2)