indexo.dev

willowreview.com

.com crawl

First seen 2026-04-22 · Last seen 2026-05-12 · ok HTTP/1.1 200 2214 ms crawled 2026-05-16

US · 172.67.145.222 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
The Willow Review
Language
en

Technology

CDN
Cloudflare
Analytics
  • Google Tag Manager

Third-party hosts loaded (1)

  • www.googletagmanager.com×1

Social

Contact

Email

Registration

Registrar
Cloudflare, Inc.
Created
2024-11-01
Expires
2026-11-01 164 days left
Updated
2024-11-01
Name servers
  • clay.ns.cloudflare.com
  • lisa.ns.cloudflare.com

DNS records live

NS
  • clay.ns.cloudflare.com
  • lisa.ns.cloudflare.com
MX
  • 1 smtp.google.com
Verified for
  • Google

Email authentication strong

SPF
not published
DMARC
v=DMARC1; p=quarantine; rua=mailto:e460e8c53299434297389e85d6a7835d@dmarc-reports.cloudflare.net;
policy: quarantine
DKIM
no key found at common selectors

Certificate (current)

WE1
from 2026-04-17 to 2026-07-16
Expires in 56 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://willowreview.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(self), camera=(self), fullscreen=(self "https://player.vimeo.com"), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), payment=(self), sync-xhr=(self), usb=(self)
x-content-type-options
nosniff
content-security-policy
base-uri 'none'; block-all-mixed-content; connect-src 'self' the-willow-review.s3.eu-west-2.amazonaws.com accounts.google.com maps.googleapis.com *.constantcontact.com *.ctctcdn.com *.google-analytics.com *.stripe.com videodelivery.net; default-src blob:; font-src 'self' data: fonts.gstatic.com; form-action 'self' *.facebook.com; frame-ancestors none; frame-src 'self' *.facebook.com *.google.com *.stripe.com *.travelsmarter.net *.twitter.com *.videodelivery.net player.vimeo.com; img-src 'self' data: *.blogspot.com *.etsystatic.com *.facebook.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.stripe.com *.tripadvisor.com *.twimg.com *.twitter.com videodelivery.net *.videodelivery.net *.vimeocdn.com *.ytimg.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' blob: 'nonce-S2VuTWNDYWxsdW1DU1BOb25jZQ==' *.addthis.com *.cloudflare.com *.ctctcdn.com *.facebook.net *.google.com *.google-analytics.com *.googlea
strict-transport-security
max-age=31536000; includeSubDomains

Links to (4)

Linked from (1)