indexo.dev

totohost.hr

.hr user

First seen 2026-06-02 · Last seen 2026-06-02 · ok HTTP/1.1 200 285 ms crawled 2026-06-02

DE · 46.224.144.204 · AS24940 Hetzner Online GmbH

Reputation 94/100 dmarc monitor-only

sector tech type homepage

HTML metadata

Title
Totohost — Web Hosting you can trust
Description
Fast, reliable and secure web hosting in Croatia since 2004. cPanel, SSD, SSL, backup, 24/7 support.
Language
en

Technology

Server
LiteSpeed
CMS
Joomla
Fonts
  • Google Fonts

Third-party hosts loaded (4)

  • moj.totohost.hr×8
  • fonts.googleapis.com×2
  • cdn.jsdelivr.net×1
  • unpkg.com×1

DNS records live

NS
  • ns1.totohost.com
  • ns2.totohost.com
  • ns3.totohost.com
  • ns4.totohost.com
MX
  • 0 totohost.hr

Email authentication partial

SPF
v=spf1 +a +mx +ip4:116.202.102.141 +ip4:23.88.26.219 +ip4:94.130.54.21 +ip4:94.130.54.16 +ip4:162.55.93.226 +ip4:162.55.93.205 +ip4:66.206.24.250 +include:relay.mailchannels.net +include:mail.registrar.eu ~all
softfail (~all)
DMARC
v=DMARC1; p=none; rua=mailto:postmaster@totohost.hr; aspf=r; adkim=r
policy: none (monitoring only)
DKIM
  • default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvv6KsY9+3mRifgT3gECUd9d4oJRLd55kzY8GRIoJ5gcLhOeK2ECIupgFWJ68vpJUuZ26hJa78SQxlC…
selectors probed

Certificate (current)

R12
from 2026-04-05 to 2026-07-04
Expires in 21 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://moj.totohost.hr/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
camera=(), microphone=(), geolocation=()
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'nonce-MW2eNdLmI+iUqDJlR4d8tA==' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://v2.zopim.com https://*.zopim.com https://*.zendesk.com https://www.paypal.com https://*.paypal.com https://www.paypalobjects.com https://static.zdassets.com https://ekr.zdassets.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://*.paypal.com https://www.paypalobjects.com; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://www.paypalobjects.com; img-src 'self' data: https:; connect-src 'self' https://cdn.jsdelivr.net https://unpkg.com https://*.zopim.com wss://*.zopim.com https://*.zendesk.com wss://*.zendesk.com https://*.zdassets.com https://eracun.eposlovanje.hr https://*.paypal.com https://www.paypalobjects.com https://api-m.paypal.com; frame-src 'self' https://*.zopim.com https://*.zendesk.com https:
strict-transport-security
max-age=31536000; includeSubDomains; preload

Use this data via API

Everything on this page for totohost.hr is available as JSON from the indexo.dev REST & MCP API.

curl "https://indexo.dev/api/v1/domains/totohost.hr" \
  -H "X-API-Key: idx_..."

Read the docs & get a free key →