xlovecash.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 2939 ms crawled 2026-05-18

CW · 200.124.128.214 · AS26505 E-Commerce Park, N.V.

Reputation 87/100 weak security headers no dmarc policy

Classifying

HTML metadata

Title

XloveCash: Adult Webcam Affiliate Program

Description

Webmasters: join XloveCam’s partner program and earn easy revenue by promoting thousands of live cam models. Fast setup, high payouts.

Language

Canonical

https://www.xlovecash.com/en

Translations

Technology

Server: nginx
CMS: Gatsby

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (5)

rsrc.wlresources.com×28
s1.wlresources.com×9
fonts.googleapis.com×4
img1.wlresources.com×2
www.googletagmanager.com×1

Social

Registration

Registrar

GoDaddy.com, LLC

Created

2010-07-23

Expires

2029-07-23 1160 days left

Updated

2026-01-13

Name servers

albert.ns.cloudflare.com
cecelia.ns.cloudflare.com

DNS records live

NS

albert.ns.cloudflare.com
cecelia.ns.cloudflare.com

MX

0 mail.acwm.biz

TXT

google-site-verification=nN2BkiLO3j3BELB6s7y4IuGCdB2NOxDR_L1hGynpKqs
v=spf2.0/pra ip4:93.174.64.0/21 include:musvc.com ip4:200.124.128.219 ip4:200.124.128.220 include:spf.mailjet.com ~all
google-site-verification=kg1ZkA4qX08EcQz4hrCVz71oToLQPyuJX3UZyv7FwCo

Email authentication weak

SPF

v=spf1 ip4:93.174.64.0/21 include:musvc.com ip4:200.124.128.219 ip4:200.124.128.220 include:spf.mailjet.com include:servers.mcsv.net ~all

softfail (~all)

DMARC

not published

DKIM

default: v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZEf+/MmR+1b8TyybQ27+kE842FNQdaXlKpu+ldUqlYYIGKJY/xppLxO48KjinuljPm2sGp800Y9dJu…
k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…

selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36

from 2026-04-20 to 2026-11-05

Expires in 169 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.xlovecash.com/en/

present

content-security-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' https://code.highcharts.com/highcharts.js *.wlresources.com xlovecam.com *.xlovecam.com acwm.biz *.acwm.biz xlovecash.com *.xlovecash.com *.acwebconnecting.com www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com *.googlesyndication.com www.googleadservices.com ; connect-src 'self' *.wlresources.com xlovecam.com *.xlovecam.com acwm.biz *.acwm.biz xlovecash.com *.xlovecash.com *.acwebconnecting.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net *.googlesyndication.com https://*.google-analytics.com https://*.google.com *.google.fi ; report-uri /err0r/js?ts=1779129932; frame-ancestors 'self'