indexo.dev

xcover.com

.com crawl

First seen 2026-05-08 · Last seen 2026-05-20 · ok HTTP/1.1 200 2579 ms crawled 2026-05-15

US · 104.17.41.108 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
XCover.com
Language
en

Open Graph

site name
XCover.com

Technology

CDN
Cloudflare
CMS
Gatsby
Analytics
  • Google Tag Manager
Fonts
  • Adobe Fonts
  • Google Fonts

Third-party hosts loaded (4)

  • fonts.googleapis.com×2
  • fonts.gstatic.com×1
  • use.typekit.net×1
  • www.googletagmanager.com×1

Registration

Registrar
Amazon Registrar, Inc.
Created
2003-09-28
Expires
2026-09-28 130 days left
Updated
2026-05-13
Name servers
  • adrian.ns.cloudflare.com
  • ernest.ns.cloudflare.com

DNS records live

NS
  • adrian.ns.cloudflare.com
  • ernest.ns.cloudflare.com
MX
  • 10 mailstream-central.mxrecord.mx
  • 20 mailstream-east.mxrecord.io
  • 20 mailstream-west.mxrecord.io
  • 30 mailstream-asia.mxrecord.mx
  • 5 mailstream-eu1.mxrecord.io
TXT
  • heritage=external-dns,external-dns/owner=xcover-production-eu-central-1,external-dns/resource=ingress/xcover-website-production/xcover-website-production
  • rovag_verification_token=B7148BB205B848AE97527C7B65257E98
  • browserstack-domain-verification=fd99752e-bdbe-47fd-8f25-0c80f3579ada
Verified for
  • Apple
  • Google
  • Postman

Email authentication strong

SPF
v=spf1 include:sendgrid.net include:_spf.google.com include:mail.zendesk.com include:7006470.spf05.hubspotemail.net ~all
softfail (~all)
DMARC
v=DMARC1; p=reject; sp=reject; adkim=r; aspf=r; rua=mailto:54d5f339cc70493881b81f679dcc357a@dmarc-reports.cloudflare.net,mailto:dmarc@xcover.com; pct=100
policy: reject (enforced) · sp=reject
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguuwS6hL8t/+9dCjL3gIymi/d2fK4VPnJ+f+AQuMY1KF7g+iAlUFkXcHAeN/wxwQUeYxubY7U5ROni…
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwdkG/8XAUKNtVVucEs8dPKdaiw/HvRr54925V/t11I//HzS4Nh2z93IFchILN/9rzdv/lyKCtt5+M5tU+…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChSipU/2FR52xxXoeOyljozdrON82lsS6CUcvlmynHGShr+qn0wlZMk1/Xt1rr6VuqM+dtgBbQmewlGkPWVa5fs8…
selectors probed

Certificate (current)

WE1
from 2026-05-07 to 2026-08-05
Expires in 76 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://www.xcover.com/

present
  • strict-transport-security
  • content-security-policy-report-only
  • x-content-type-options
findings
  • missing Content Security Policy
  • missing frame protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
content-security-policy-report-only
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.loginwithamazon.com https://*.doubleclick.net https://cdn-cookieyes.com https://js.hs-scripts.com https://js.hs-banner.com https://js.usemessages.com https://js.hsadspixel.net https://js.hs-analytics.net https://snap.licdn.com https://*.zdassets.com https://*.facebook.net https://*.c-ctrip.com https://*.quantummetric.com https://*.scriptcdn.net https://*.alipayobjects.com https://*.navahididi.com https://cdn.brightwrite.com https://cdn.brightwrite-staging.com https://*.fullstory.com https://fullstory.com https://*.xcover.com; connect-src 'self' https://*.sentry.io https://sentry.io https://*.amazonaws.com https://*.amazon.com https://*.google.com https://google.com https://

Linked from (2)