thinkava.com

.com crawl

First seen 2026-05-08 · Last seen 2026-05-15 · ok HTTP/1.1 200 9906 ms crawled 2026-05-15

US · 172.67.160.58 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

sector b2b services type homepage

HTML metadata

Title: Secure Global Logistics for Precious Metals & More | Ava
Description: Secure global logistics partner for transporting cash, gold, bullion & precious metals. Trusted by banks, traders & refiners worldwide.
Language: en-gb
Generator: Drupal 10 (https://www.drupal.org)
Canonical: https://www.thinkava.com/

Technology

CDN: Cloudflare
CMS: Drupal

Analytics

Google Tag Manager

Cookie consent

Cookiebot

Third-party hosts loaded (3)

cdn.jsdelivr.net×1
consent.cookiebot.com×1
www.googletagmanager.com×1

Social

Contact

Phone

Registration

Registrar

GoDaddy.com, LLC

Created

2016-01-12

Expires

2028-01-12 601 days left

Updated

2026-01-12

Name servers

deborah.ns.cloudflare.com
neil.ns.cloudflare.com

DNS records live

NS

deborah.ns.cloudflare.com
neil.ns.cloudflare.com

MX

0 mx1-us.emailsecurity.app
0 mx2-us.emailsecurity.app

TXT

TG=ggx2g5
duo_sso_verification=UOByenMtB2wp4w9YABaV7QwVxRKyHwpWDHv0Is2R0v4hWhOy788uK9WvTOKmrYgc

Verified for

Google
Microsoft 365

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com include:spf.mtaroutes.com include:spf1.emailsecurity.app ip4:51.79.190.101 include:spf-uk.emailsignatures365.com include:spf.smtp2go.com -all

strict (-all)

DMARC

v=DMARC1; p=none; pct=100

policy: none (monitoring only)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycJsPGaCr0ooQ4eDlU5D8XnTya22GbVSujczsF0POKqACBp5ctebu7Cm245bD3HM1bGDcqPDct+JE/…
selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5SPInf2TArwSi/ocUyzbVq4ZeYihrqc7n6B8fPT3R5bunBqmcuzmxymaBI7IQn/q9nE2o5DE1PL+o5…

selectors probed

Certificate (current)

WE1

from 2026-03-27 to 2026-06-25

Expires in 36 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.thinkava.com

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self';script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://www.google.com/ https://www.googletagmanager.com/ https://consent.cookiebot.com/ https://cdn.jsdelivr.net/ https://www.gstatic.com/ https://www.google.com/ https://cdn.cookielaw.org/ https://*.reciteme.com/ https://*.cloudflare.com/ https://www.googletagmanager.com/ https://*.googleapis.com/ https://script.hotjar.com/ https://consent.cookiebot.com/ https://assets.app.futr.ai/webchat/futrwebchat.js https://cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/js/tabby.min.js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.3/addon/display/placeholder.js https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/ https://script.hotjar.com/modules.852546d062cf06f9f7e6.js https://static.hotjar.com/c/hotjar-2973456.js https://translate.google.com/translate_a/element.js https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.hsDbD4boGhc.O/d
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy-report-only: script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self'

Links to (3)

Linked from (1)

metalsdaily.com×1