indexo.dev

xvpn.io

.io crawl

First seen 2026-06-04 · Last seen 2026-06-04 · ok HTTP/1.1 200 236 ms crawled 2026-06-04

US · 104.26.12.241 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Free, Secure & Fast VPN Service | X-VPN
Description
Ultra-fast, secure and stable VPN for all devices platform. Try risk-free with 30-day money-back guarantee. 24/7 live chat support.
Language
en
Canonical
https://xvpn.io/
Translations
  • ar
  • de
  • en
  • es
  • fa
  • fr
  • it
  • pt
  • ru
  • tr

Open Graph

url
https://xvpn.io/
title
Free, Secure & Fast VPN Service | X-VPN
site name
X-VPN
description
Ultra-fast, secure and stable VPN for all devices platform. Try risk-free with 30-day money-back guarantee. 24/7 live chat support.

Technology

CDN
Cloudflare
Analytics
  • Google Tag Manager

Third-party hosts loaded (2)

  • www.googletagmanager.com×2
  • tickets.globalchat1.com×1

Social

DNS records live

NS
  • elliot.ns.cloudflare.com
  • nina.ns.cloudflare.com
MX
  • 10 box.freeconnectedlimited.com
Verified for
  • Google
  • Meta

Email authentication strong

SPF
v=spf1 mx -all
strict (-all)
DMARC
v=DMARC1;p=reject;rua=mailto:admin@xvpn.io
policy: reject (enforced)
DKIM
  • mail: v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6kP+P1HJ2fqMs9jFYhEBUZb9g6waX6w+SUZ1wBJ34bZPNoSvi4nPJ3Deip…
selectors probed

Certificate (current)

WE1
from 2026-04-26 to 2026-07-25
Expires in 51 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://xvpn.io/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • referrer-policy
findings
  • CSP uses wildcard sources
  • missing content type protection
  • missing Permissions Policy
Header values
referrer-policy
strict-origin
x-frame-options
sameorigin
content-security-policy
default-src 'self' https://z3d9.com https://*.z3d9.com https://globalchat1.com https://*.globalchat1.com https://stripe.com https://*.stripe.com https://cloudflare.com https://*.cloudflare.com https://360ssh.com https://*.360ssh.com https://googleapis.com https://*.googleapis.com https://fonts.gstatic.com https://*.fonts.gstatic.com https://ipv6.360ssh.com https://*.ipv6.360ssh.com https://appleid.cdn-apple.com https://*.appleid.cdn-apple.com https://accounts.google.com https://*.accounts.google.com; script-src 'self' https://googletagmanager.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://google-analytics.com https://*.google-analytics.com https://googleadservices.com https://*.googleadservices.com https://doubleclick.net https://*.doubleclick.net https://youtube.com https://*.youtube.com https://ipinfo.io https://*.ipinfo.io https://ajax.cloudflare.com https://*.ajax.cloudflare.com https://challenges.cloudflare.com https://*.chal
strict-transport-security
max-age=31536000; includeSubDomains; preload

Links to (4)

Linked from (1)