indexo.dev

work.co

.co crawl

First seen 2026-04-14 · Last seen 2026-05-18 · ok HTTP/1.1 200 1741 ms crawled 2026-05-08

US · 141.193.213.31 · AS209242 Cloudflare London, LLC

Reputation 100/100

sector b2b services type homepage

HTML metadata

Title
Work & Co | Digital Product Agency
Description
Work & Co is a digital product agency. We drive tangible business impact through strategy, design, and development of new platforms and experiences.
Language
en

Open Graph

url
https://work.co/
title
Work & Co | Digital Product Agency
description
Work & Co is a digital product agency. We drive tangible business impact through strategy, design, and development of new platforms and experiences.

Technology

CDN
Cloudflare
Analytics
  • Google Tag Manager
Fonts
  • Adobe Fonts

Third-party hosts loaded (5)

  • d31tp2p8dlf9ma.cloudfront.net×4
  • use.typekit.net×2
  • workco.wpenginepowered.com×2
  • www.googletagmanager.com×2
  • p.typekit.net×1

Contact

Email
Phone
Address
231 Front Street, 5th Floor, 11201, Brooklyn, NY, USA

DNS records live

NS
  • ns-1393.awsdns-46.org
  • ns-1910.awsdns-46.co.uk
  • ns-394.awsdns-49.com
  • ns-708.awsdns-24.net
MX
  • 10 mx0a-001dcc01.pphosted.com
  • 10 mx0b-001dcc01.pphosted.com
TXT
Show 5 TXT records
  • liveramp-site-verification=EIEl6MgS2nOv3dKtxxVir8tWpKE85lmKSh2s7wGwE4w
  • MS=ms19057761"
  • 8007340FB5
  • notion_verify_AwNZ0YwaUkCzb5T7Nz6qDVokBQgu8xC8wTD3fGumitchxTW8zXF1zF7QCYcgpgyZK6PkTP
  • "work.co
Verified for
  • 1Password
  • Airtable
  • Anthropic
  • Apple
  • Atlassian
  • DocuSign
  • Dropbox
  • Figma
  • GlobalSign
  • Google
  • Microsoft 365
  • Miro
  • MongoDB
  • OneTrust
  • OpenAI
  • Postman
  • Slack

Email authentication strong

SPF
v=spf1 include:mg-spf.greenhouse.io mx include:accenture.com ip4:205.220.165.99 ip4:205.220.177.99 include:sendgrid.net ip4:3.222.0.24/29 ip4:198.21.4.52 ip4:167.89.31.27 include:mail.zendesk.com include:43574573.spf10.hubspotemail.net -all
strict (-all)
DMARC
v=DMARC1;p=reject;fo=1;rua=mailto:dmarc_rua@emaildefense.proofpoint.com;ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com
policy: reject (enforced)
DKIM
  • google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyxKZAkvrFxg7zK4FifOFLrfwGYTqM2zEMRUbTxOYAYbe6TqAJRe392sWomU479RvUOGlz7N9NOli6U+8EZI…
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxeBrMgEFi7qjaNlxXnT9QYaZmYfGBU4RcnVduD43KvKz7sw7DjgHWreenJzAXY9icFphwQMqqupEW…
  • selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYGzYlp6Qlzb+INIepKTbuVLatBzhUA7VpAy+icosNGZrrkdJeJ8VQygJKpsmkkcjgwwNieGcrTIH3…
selectors probed

Certificate (current)

E7
from 2026-05-02 to 2026-07-31
Expires in 72 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://work.co/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
Header values
x-frame-options
SAMEORIGIN
permissions-policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' *; img-src * data: blob:
strict-transport-security
max-age=31536000; includeSubDomains

Links to (2)

Linked from (2)