indexo.dev

val.se

.se crawl

First seen 2026-05-23 · Last seen 2026-05-28 · ok HTTP/1.1 200 888 ms crawled 2026-05-28

US · 23.206.56.103 · AS33905 Akamai International B.V.

Reputation 100/100

Classifying

HTML metadata

Title
Startsidan | Valmyndigheten
Language
sv
Canonical
https://val.se/
Translations
  • sv
Feeds

Open Graph

url
https://val.se/
title
Valcentralen

Technology

JS framework
React

Contact

Phone

DNS records live

NS
  • a.dns.tele2.net
  • b.dns.tele2.net
  • c.dns.tele2.net
  • dns5.telia.com
  • nx1.skatteverket.se
  • nx2.skatteverket.se
  • nx3.skatteverket.se
  • ystad.dns.swip.net
MX
  • 10 ansible.skatteverket.se
  • 10 marathon.skatteverket.se
  • 10 telegraf.skatteverket.se
TXT
  • _lunfq274ryqkejwqmao0b9uenedbtuk
  • _qkv43bimsnhm6xay4py9du52595lq29
  • _c5aaishlo4x7qy9fdronfxd5l42y8sh
Verified for
  • Google
  • Microsoft 365

Email authentication strong

SPF
v=spf1 mx include:_spf.skatteverket.se -all
strict (-all)
DMARC
v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@val.se;
policy: reject (enforced)
DKIM
no key found at common selectors

Certificate (current)

DigiCert Global G2 TLS RSA SHA256 2020 CA1
from 2025-11-20 to 2026-12-18
Expires in 200 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.val.se/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'sha256-qF+3P+JBxhIkW2n3edkWPapfUchv9eJ7RPfk5I5G3HA=' 'nonce-ab95a241-5aca-11f1-ad47-b170ea9003e6' https://*.youtube.com https://skv.analytics.elx.cloud *.readspeaker.com https://www.google.com https://www.gstatic.com https://matomo.skv.analys.cloud; style-src 'self' 'nonce-ab95a241-5aca-11f1-ad47-b170ea9003e6' 'unsafe-hashes' 'sha256-KMYGxE2o7Q9LlzO5XAHqiqeUaXLvsqZdMTIK4cg+bPo=' 'sha256-KE2LIWiwueI0NEUtkKP6S8YgBAX8Yl0idhNwDlWjheo=' 'sha256-7Go13qh6cZJuYk4CXIQ7/uKAMqajacYxOTiSlR88y/Q=' 'sha256-O9ChnrQJngUlTYptX2rHTyPwYa4VlQslTnAyr1r9/XE=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-cFgCm/G6Z1ZIa/67HaHQoEINlMhxHI6mwWDu/wrFxCQ=' 'sha256-hD0Ip0Iaa5T6pbem2zgfWw8scbMCHoLj28RijiusllQ=' 'sha256-j/H4tLXandafIDfNJd5rrp84NrXvpZHG+nVfFsjHyhw=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-C4vEHKXfAq5NvBTHzpFBsbuJkkUczwAA2AvGyfMU9so=' 'sha256-9VEADvfOWRtRrFR8v1wXtIl8SkF1Pjmqj7yZOV9W5II=' 'sha25
strict-transport-security
max-age=63072000 ; includeSubDomains ; preload

Linked from (2)