indexo.dev

wexonline.com

.com crawl

First seen 2026-04-17 · Last seen 2026-05-12 · ok HTTP/1.1 200 3869 ms crawled 2026-05-12

US · 45.60.106.96 · AS19551 Incapsula Inc

Reputation 100/100

Classifying

HTML metadata

Language
en

Technology

CMS
Gatsby

Third-party hosts loaded (1)

  • global.oktacdn.com×1

Registration

Registrar
Amazon Registrar, Inc.
Created
2000-04-11
Expires
2027-04-11 326 days left
Updated
2026-03-07
Name servers
  • ns-1041.awsdns-02.org
  • ns-1771.awsdns-29.co.uk
  • ns-368.awsdns-46.com
  • ns-917.awsdns-50.net

DNS records live

NS
  • ns-1041.awsdns-02.org
  • ns-1771.awsdns-29.co.uk
  • ns-368.awsdns-46.com
  • ns-917.awsdns-50.net
MX
  • 10 us-smtp-inbound-1.mimecast.com
  • 10 us-smtp-inbound-2.mimecast.com
TXT
Show 13 TXT records
  • MS=ms79858533
  • W+h+ce/JZRJt87rn5rAFncjyuv0O8sq9lseV0N4s1lmx1+0nrX+pRWwr6S7RvbcG1xgMEEMQsFQS9gOPnYlmJA==
  • ZOOM_verify_VADhPg0mTMOGWv2kP4PcmQ
  • _globalsign-domain-verification=7uuqLeA0ychRBASay0aekhGJtfr3ArSptvH9rTDM4M
  • _globalsign-domain-verification=COhy_GakVDyK1gZrYr71-emhfP3eSuLnSO6xuQiz5D
  • amazonses:xr7PBmD0tB5SXTR7911ErhkNynv1d8Cz/A80OUZeONg=
  • dtm-domain-verification=IQAY4ujR5JMJXY2VojSvI02C7dTz_b44FuTauCizR-0
  • globalsign-domain-verification=0384C7230FF4E59287D61AF1BF749ACE
  • globalsign-domain-verification=48B0DF767F3FE22772E01BD5F12B6B1B
  • globalsign-domain-verification=7133E89BE45713B283C70C748CB114A1
  • globalsign-domain-verification=DC645BF77D1D1E951B16CBD16136FCB7
  • google-site-verification=eeZLWh7sWBlSB2Xzr6BD5tZ_JQ6y-cDgeY2r0AgQOKI
  • lucid-verification=2yyY2Q6LYAbx

Email authentication strong

SPF
v=spf1 include:spf1.wexinc.com -all
strict (-all)
DMARC
v=DMARC1; p=reject; fo=1; ri=3600; rua=mailto:9t7oikpq@ag.dmarcian.com; ruf=mailto:9t7oikpq@fr.dmarcian.com
policy: reject (enforced)
DKIM
  • google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmtP+s5GpEMNjVq0qLMQtuIAmaKaK1jPKXRih7RZ/0eO/sn9A4SaF4l/3WT2caeQlz2hkY50S1zgCV0+FauI…
selectors probed

Certificate (current)

GlobalSign RSA OV SSL CA 2018
from 2025-09-16 to 2026-10-18
Expires in 152 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://go.wexonline.com

present
  • strict-transport-security
  • content-security-policy
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-content-type-options
nosniff
content-security-policy
default-src 'self'; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com *.wexfabric.com *.wexapi.com *.tch.com *.wexcp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.
strict-transport-security
max-age=31536000; includeSubDomains; preload

Linked from (2)