tkmaxx.pl

.pl crawl

First seen 2026-05-20 · Last seen 2026-05-31 · ok HTTP/1.1 200 3500 ms crawled 2026-05-27

IE · 46.137.157.217 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: Wielkie Marki w niższych cenach – moda i dom | TK Maxx PL
Description: Odkryj modę, kosmetyki, buty, akcesoria i produkty dla domu w TK Maxx w cenach do 60% niższych od ceny detalicznej. Znajdź najbliższy sklep TK Maxx w Polsce!
Language: pl
Generator: Drupal 10 (https://www.drupal.org)
Canonical: https://www.tkmaxx.pl/

Open Graph

url: https://www.tkmaxx.pl/
email: obslugaklienta@tkmaxx.pl
title: TK Maxx Polska
site name: TK Maxx Polska
description: TK Maxx Polska oferuje modę, obuwie, akcesoria i produkty do domu w cenach do 60% niższych od ceny detalicznej.
phone number: +48 22 551 07 27

Technology

Server: nginx
CMS: Drupal

Analytics

Google Tag Manager

Third-party hosts loaded (3)

cdn.jsdelivr.net×2
www.googletagmanager.com×1
www.juicer.io×1

Social

DNS records live

NS

a1-117.akam.net
a14-66.akam.net
a18-67.akam.net
a22-64.akam.net
a5-65.akam.net
a7-66.akam.net

MX

10 mxa-00081a02.gslb.pphosted.com
10 mxb-00081a02.gslb.pphosted.com
20 mx0a-00081a02.pphosted.com
20 mx0b-00081a02.pphosted.com

Verified for

Google
Yahoo

Email authentication strong

SPF: v=spf1 ip4:205.220.171.102 ip4:205.220.182.205 ip4:205.220.173.171 ip4:205.220.161.171 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all
softfail (~all)
DMARC: v=DMARC1; p=reject; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com; fo=1;
policy: reject (enforced)
DKIM: no key found at common selectors

Certificate (current)

Sectigo Public Server Authentication CA OV R36

from 2025-08-04 to 2026-08-05

Expires in 65 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://www.tkmaxx.pl/

present

content-security-policy
x-frame-options
x-content-type-options

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.gstatic.com *.juicer.io *.gigya.com *.flashtalking.com *.google.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.gigya.com *.cookielaw.org *.juicer.io *.maxmind.com *.youtube.com *.onetrust.com *.ytimg.com *.facebook.net *.ckeditor.com *.cookielaw.org qa1-loyalty.stage.hogarth.homesense.ie *.google.com *.gstatic.com *.googletagmanager.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com *.js-agent.newrelic.com *.juicer.io *.newrelic.com; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.gigya.com *.cookielaw.org *.juicer.io *.onetrust.com *.ckeditor.com *.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com; img-src 'self' 'unsafe-eval' data: *.adnxs.com *.mookie1.com *.fbcdn.net *.imgur.com *.google-analytics.com *.doubleclick.net *.ipredictive.com *.gstatic.com *.googleapis.com *.gigya.com *.facebook.com *.ckeditor.com *.cookielaw.org *.js-agent.n

Links to (13)

Linked from (5)