indexo.dev

trefl.com

.com crawl

First seen 2026-05-31 · Last seen 2026-06-01 · ok HTTP/1.1 200 468 ms crawled 2026-06-01

PL · 89.161.202.253 · AS12824 home.pl sp. z o.o.

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
Największy polski producent puzzli | Puzzle, gry planszowe, zabawki | Trefl
Description
☀ Czerwiec pełen zabawy! Odkryj tysiące wzorów puzzli i rodzinne gry, które łączą pokolenia. Kreatywna rozrywka dla dzieci i dorosłych. Poznaj ofertę Trefl
Language
pl

Technology

Server
nginx
CMS
Gatsby
Analytics
  • Google Analytics
  • Google Tag Manager
  • Microsoft Clarity
Cookie consent
  • Usercentrics
Fonts
  • Google Fonts
Third-party hosts loaded (9)
  • www.googletagmanager.com×2
  • app.usercentrics.eu×1
  • app3.salesmanago.pl×1
  • fonts.googleapis.com×1
  • integrations.etrusted.com×1
  • widgets.trustedshops.com×1
  • www.clarity.ms×1
  • www.facebook.com×1
  • www.google-analytics.com×1

Social

Contact

Email
Phone

Registration

Registrar
Key-Systems GmbH
Created
2003-04-02
Expires
2027-04-02 304 days left
Updated
2026-03-26
Name servers
  • ns1-07.azure-dns.com
  • ns2-07.azure-dns.net
  • ns3-07.azure-dns.org
  • ns4-07.azure-dns.info

DNS records live

NS
  • ns1-07.azure-dns.com
  • ns2-07.azure-dns.net
  • ns3-07.azure-dns.org
  • ns4-07.azure-dns.info
MX
  • 0 trefl-com.mail.protection.outlook.com
TXT
  • mojecertpl-site-verification-EOCMZFBiHEND0rwjQ1QyzyVtzFfycpOW
  • 1b2b7050e59fb50c2966b233ff5bda385c48e206a2df938c9d71b5c5cc41e2eb
Verified for
  • Apple
  • Google
  • Meta
  • Pinterest

Email authentication strong

SPF
v=spf1 include:spf.protection.outlook.com ip4:95.160.57.5 ip4:188.116.35.112/28 ip4:144.76.60.108 ip4:93.105.40.30 include:_spf.jupiter.salesmanago.pl -all
strict (-all)
DMARC
v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@trefl.com
policy: reject (enforced) · sp=reject
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpmAwX8QC7DFWDD1u5pNDhK180wy3yqsLn2lJVoIREtRcxtALuMxfus1Jf4c9JY+auzAc9FxXMgLZwJC2sNB…
  • selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwDda2PzFSY/ArEFMX2poHR3R7kDD/y+xJNPpRaMo1fvQ9IHexb6dtcb0NMYE6jYh7qE/vvEVdbXc9…
selectors probed

Certificate (current)

Certum Domain Validation CA SHA2
from 2025-07-16 to 2026-07-16
Expires in 44 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://www.trefl.com/

present
  • content-security-policy-report-only
  • x-frame-options
  • x-content-type-options
findings
  • missing HSTS
  • missing Content Security Policy
  • weak frame protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN, SAMEORIGIN
x-content-type-options
nosniff
content-security-policy-report-only
font-src https://geowidget.easypack24.net https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/r

Links to (8)

Linked from (3)