indexo.dev

wellnesskurim.cz

.cz crawl

First seen 2026-05-28 · Last seen 2026-05-31 · ok HTTP/1.1 200 944 ms crawled 2026-05-30

FR · 178.32.252.115 · AS16276 OVH SAS

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Úvodní stránka | Wellness Kuřim
Language
cs

Technology

Server
nginx
CMS
Gatsby
Analytics
  • Google Tag Manager
Social widgets
  • YouTube Embed

Third-party hosts loaded (4)

  • scontent-waw2-2.xx.fbcdn.net×7
  • scontent-waw2-1.xx.fbcdn.net×1
  • www.googletagmanager.com×1
  • www.youtube.com×1

Social

Contact

Email
Phone

Registration

Registrar
REG-ZONER
Created
2010-03-22
Expires
2027-03-21 293 days left
Updated
2017-02-25
Name servers
  • ns1.regzone.cz
  • ns1.regzone.de
  • ns1.regzone.info

DNS records live

NS
  • ns1.regzone.cz
  • ns1.regzone.de
  • ns1.regzone.info
MX
  • 1 relay.zoner.com
  • 10 10mx.zoner.com
  • 15 15mx.zoner.com

Email authentication partial

SPF
v=spf1 include:spf-zoner-zmail.zoner.com include:spf.contimex.cz include:spf.mailkit.eu ~all
softfail (~all)
DMARC
v=DMARC1; p=none; rua=mailto:dmarc-rua@mailkit.com;
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

R13
from 2026-05-02 to 2026-07-31
Expires in 60 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.wellnesskurim.cz/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-embedder-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
same-origin
x-frame-options
DENY
permissions-policy
accelerometer=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self "https://www.youtube.com"), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), usb=()
x-content-type-options
nosniff
content-security-policy
font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com *.g.doubleclick.net c.seznam.cz *.cookiehub.net *.cookiehub.eu *.google-analytics.com *.smartsuppchat.com *.smartsuppcdn.com *.hotjar.com *.facebook.net *.smartlook.com; default-src 'self' www.google.com/recaptcha/ www.googletagmanager.com www.youtube.com/embed/ *.doubleclick.net www.youtube-nocookie.com/embed/; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlesyndication.com *.g.doubleclick.net *.google.com *.google.cz *.cookiehub.net *.hotjar.io *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com wss://*.smartsupp.com *.facebook.com *.smartlook.cloud; frame-src *.facebook.com www.youtube.com www.youtube-nocookie.com youtu.be www.google.com; img-src 'self' data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlesyndication.com *.g.d
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy
same-origin; report-to="default"
cross-origin-embedder-policy
unsafe-none; report-to="default"
cross-origin-resource-policy
same-origin

Links to (8)

Linked from (3)