indexo.dev

thirdfin.com

.com crawl

First seen 2026-04-22 · Last seen 2026-05-16 · ok HTTP/1.1 200 4618 ms crawled 2026-05-16

GB · 109.109.137.191 · AS205072 Layershift Limited

Reputation 100/100

Classifying

HTML metadata

Title
Third Financial | Third Financial
Language
en
Canonical
https://www.thirdfin.com/

Technology

Server
Apache
CMS
Drupal
Analytics
  • Google Tag Manager
Fonts
  • Adobe Fonts

Third-party hosts loaded (3)

  • static.addtoany.com×1
  • use.typekit.net×1
  • www.googletagmanager.com×1

Contact

Phone
Address
rd Financial Software Ltd | Company No. 06448

Registration

Registrar
Cloudflare, Inc.
Created
2007-12-05
Expires
2026-12-05 198 days left
Updated
2025-11-24
Name servers
  • imani.ns.cloudflare.com
  • olof.ns.cloudflare.com

DNS records live

NS
  • imani.ns.cloudflare.com
  • olof.ns.cloudflare.com
MX
  • 10 thirdfin-com.mail.protection.outlook.com

Email authentication strong

SPF
v=spf1 redirect=_swwxslz2x.sdmarc.net
no all qualifier
DMARC
v=DMARC1; p=reject; pct=100; rua=mailto:a.wwxslz2x@sdmarc.net
policy: reject (enforced)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrROmAgDIMEMUT5EXu1U0OlXlUBwTpnl4gP3YdnhwY0041TMsZ0DarUevbzvQmM/nOlvSW2e63FmE87fomp8…
selectors probed

Certificate (current)

R13
from 2026-03-21 to 2026-06-19
Expires in 30 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.thirdfin.com/

present
  • strict-transport-security
  • content-security-policy
  • content-security-policy-report-only
  • x-frame-options
  • x-content-type-options
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
object-src 'none'; script-src * 'report-sample' 'unsafe-inline' 'unsafe-eval'; style-src * 'report-sample' 'unsafe-inline'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'
strict-transport-security
max-age=604800; includeSubDomains; preload
content-security-policy-report-only
object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ajax.googleapis.com https://use.typekit.net https://cdn-cookieyes.com https://cdnjs.cloudflare.com https://maps.google.com https://static.addtoany.com https://www.google.com; style-src 'self' 'report-sample' 'unsafe-inline' https://use.typekit.net https://fonts.googleapis.com https://cdnjs.cloudflare.com; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'

Links to (2)

Linked from (1)