indexo.dev

woox.io

.io crawl

First seen 2026-04-15 · Last seen 2026-05-13 · ok HTTP/1.1 200 1435 ms crawled 2026-05-10

US · 34.8.169.166 · AS396982 Google LLC

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
WOO X: Crypto Exchange l Buy & Sell Bitcoin, ETH, Crypto
Description
Trade better on WOO X with low fees and deep liquidity. Buy, sell and earn on your crypto on a secure and trusted platform with live proof of reserves.
Language
en
Canonical
https://woox.io

Open Graph

url
https://woox.io/
title
WOO X: Crypto Exchange l Buy & Sell Bitcoin, ETH, Crypto
site name
WOO X
description
Trade better on WOO X with low fees and deep liquidity. Buy, sell and earn on your crypto on a secure and trusted platform with live proof of reserves.

Technology

Server
nginx
CMS
Next.js

Third-party hosts loaded (1)

  • cdn.appsflyer.com×1

Social

DNS records live

NS
  • ns-cloud-b1.googledomains.com
  • ns-cloud-b2.googledomains.com
  • ns-cloud-b3.googledomains.com
  • ns-cloud-b4.googledomains.com
TXT
  • google-site-verification=xt1Bp3P7ojqiCKvU6O0E_IiB9EkZCLt6cVnmySAgR8Y

Email authentication no MX

SPF
v=spf1 -all
strict (-all)
DMARC
v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s
policy: reject (enforced) · sp=reject
DKIM
Show 12 DKIM selectors
  • default: v=DKIM1; p=
  • google: v=DKIM1; p=
  • selector1: v=DKIM1; p=
  • selector2: v=DKIM1; p=
  • k1: v=DKIM1; p=
  • k2: v=DKIM1; p=
  • mail: v=DKIM1; p=
  • dkim: v=DKIM1; p=
  • s1: v=DKIM1; p=
  • s2: v=DKIM1; p=
  • mxvault: v=DKIM1; p=
  • smtpapi: v=DKIM1; p=
selectors probed

Certificate (current)

WR3
from 2026-03-27 to 2026-06-25
Expires in 36 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://woox.io/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
script-src 'self' 'unsafe-inline' https://accounts.google.com https://apis.google.com https://s3.eu-central-1.amazonaws.com/portal-cdn-production/people-events-sdk/pe.latest-2.js https://platform.twitter.com/widgets.js https://analytics.ahrefs.com/analytics.js https://websdk.appsflyer.com https://static.ads-twitter.com/uwt.js https://analytics.tiktok.com https://server.blockchain-ads.com https://tag.adrsbl.io https://www.redditstatic.com/ads/pixel.js https://*.adrsbl.io https://*.adform.net https://*.googlesyndication.com https://www.googletagmanager.com https://cdn.amplitude.com https://gcaptcha4.gsensebot.com https://gcaptcha4.geetest.com https://gcaptcha4.geevisit.com https://static.geetest.com https://static.geetest.com;script-src-elem 'self' 'unsafe-inline' https://accounts.google.com https://apis.google.com https://s3.eu-central-1.amazonaws.com/portal-cdn-production/people-events-sdk/pe.latest-2.js https://platform.twitter.com/widgets.js https://analytics.ahrefs.com/analytics.js

Links to (10)

Linked from (2)