indexo.dev

villasthalassa.com

.com crawl

First seen 2026-04-17 · Last seen 2026-05-12 · ok HTTP/1.1 200 4371 ms crawled 2026-05-12

IE · 52.49.93.122 · AS16509 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Luxury Villas for Rent in Sivota, Lefkada, on a Greek island
Language
en
Canonical
https://www.villasthalassa.com/

Technology

Analytics
  • Google Tag Manager
Fonts
  • Google Fonts
Third-party hosts loaded (10)
  • res-1.cloudinary.com×6
  • res-2.cloudinary.com×4
  • d6644ef6a12fcfb82f3f-5d6761b1e7eae8e264ad220502fbb6f0.ssl.cf5.rackcdn.com×3
  • res-5.cloudinary.com×3
  • fonts.googleapis.com×2
  • fonts.gstatic.com×1
  • res-3.cloudinary.com×1
  • res-4.cloudinary.com×1
  • www.facebook.com×1
  • www.googletagmanager.com×1

Social

Contact

Phone

Registration

Registrar
IONOS SE
Created
2005-09-08
Expires
2026-09-08 111 days left
Updated
2025-09-09
Name servers
  • ns10.dnsmadeeasy.com
  • ns11.dnsmadeeasy.com
  • ns12.dnsmadeeasy.com
  • ns13.dnsmadeeasy.com

DNS records live

NS
  • ns10.dnsmadeeasy.com
  • ns11.dnsmadeeasy.com
  • ns12.dnsmadeeasy.com
  • ns13.dnsmadeeasy.com
  • ns14.dnsmadeeasy.com
  • ns15.dnsmadeeasy.com
MX
Show 7 MX records
  • 10 aspmx.l.google.com
  • 20 alt1.aspmx.l.google.com
  • 20 alt2.aspmx.l.google.com
  • 30 aspmx2.googlemail.com
  • 30 aspmx3.googlemail.com
  • 30 aspmx4.googlemail.com
  • 30 aspmx5.googlemail.com

Email authentication partial

SPF
v=spf1 a mx include:spf.mandrillapp.com include:cmail1.com ?all
neutral (?all)
DMARC
v=DMARC1; p=none
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

R13
from 2026-05-10 to 2026-08-08
Expires in 81 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.villasthalassa.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing content type protection
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
sameorigin
permissions-policy
camera=(), geolocation=()
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; font-src * data:; frame-ancestors 'self' www.bookingsync.com *.bookingsync.com *.smily.com; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' blob:; worker-src * blob:
strict-transport-security
max-age=31536000; includeSubDomains

Links to (4)

Linked from (2)