vay.io

.io crawl

First seen 2026-04-13 · Last seen 2026-05-11 · ok HTTP/1.1 200 1085 ms crawled 2026-05-07

US · 141.193.213.10 · AS209242 Cloudflare London, LLC

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title

Vay | Cars on demand, delivered & parked driverless

Description

Rent cars by the minute. Delivered and parked driverless. Enjoy the freedom of a personal car without the burden of owning it.

Language

en-US

Generator

Powered by LayerSlider 8.1.2 - Build Heros, Sliders, and Popups. Create Animations and Beautiful, Rich Web Content as Easy as Never Before on WordPress.

Canonical

https://vay.io/

Feeds

Vay » Feed RSS

Open Graph

url: https://vay.io/
title: Vay | Cars on demand, delivered & parked driverless
locale: en_US
site name: Vay
description: Rent cars by the minute. Delivered and parked driverless. Enjoy the freedom of a personal car without the burden of owning it.

Technology

CDN: Cloudflare
CMS: WordPress

Analytics

Google Tag Manager

Ads

Meta Pixel
TikTok Pixel

Fonts

Google Fonts

Third-party hosts loaded (9)

fonts.googleapis.com×5
challenges.cloudflare.com×3
www.googletagmanager.com×3
analytics.tiktok.com×1
connect.facebook.net×1
fonts.gstatic.com×1
gmpg.org×1
js.adsrvr.org×1
www.youtube.com×1

Social

Contact

Phone

1355771463770

DNS records live

NS

carrera.ns.cloudflare.com
lennon.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

Show 12 TXT records

google-site-verification=oEDq-RS66hT29jn8btFfImUMKKCe2ZlS5f0f8cTCG6g
mandrill_verify.QvB_xBw_lNDJjfvMgDww2g
remote-domain-verification=6666e9e8-7f74-4ab8-92c0-26250f3402fb
v=verifydomain MS=5245999
_acme-challenge=c7tYlhM0TU47MXpsF6CJALqHr0URsrzjSeuqUn4Ny6k
amazon-business-verification=0032f73d1c3f955e73211ba45ad7551eeaf1419ff8bdaaef3e88e0ba0e98e1eb
anthropic-domain-verification-rvz6yg=JxQocWU60Jyz88s0hUUB03VAF
apple-domain-verification=h5tZgIGU33koemtG
atlassian-domain-verification=/dHBSm4rpINy6KMW4jFLeQwKPAcjlTmqLNjnEWENEf8aeGZh4VLW6P65OBuRmd92
atlassian-sending-domain-verification=dec784ac-7c11-43c9-b922-e49725eab82b
google-site-verification=2cEr1MQF7Yksi8orQFXJHqJjECm_PqpaJ6YP3hFIzpk
google-site-verification=BNCNxnkuHuM0HZZrkPo6bu48WnMl-bunK_7zS8Kp55M

Email authentication strong

SPF

v=spf1 redirect=_skarnhal2.sdmarc.net

no all qualifier

DMARC

v=DMARC1; p=reject; pct=100; fo=1; rua=mailto:a.karnhal2@sdmarc.net; ruf=mailto:f.karnhal2@sdmarc.net

policy: reject (enforced)

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH1YFjbV93H1SH10lyZdgf4cRzDAsExl7S/YbT2wD1kYeswR2XqkGsDpKhzepOWI3InMUywiXMiJyT…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

from 2026-05-03 to 2026-08-01

Expires in 74 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 35/100 Checked live page: https://vay.io/

present

permissions-policy

findings

missing HSTS
missing Content Security Policy
missing frame protection
missing content type protection
missing Referrer Policy

Header values

permissions-policy: private-state-token-redemption=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com"), private-state-token-issuance=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com")

Links to (6)

Linked from (2)

lindencapital.de×2
andreasfertig.com×2