y.co
HTML metadata
Technology
- CDN
- Cloudflare
- Server
- BunnyCDN-FI1-1208
- Analytics
-
- Google Analytics
- Google Tag Manager
- Cookie consent
-
- Usercentrics
Third-party hosts loaded (3)
- www.googletagmanager.com×3
- web.cmp.usercentrics.eu×2
- www.google-analytics.com×1
Social
Contact
DNS records live
- NS
-
- gerardo.ns.cloudflare.com
- rayne.ns.cloudflare.com
- MX
-
- 10 mx1-eu1.ppe-hosted.com
- 10 mx2-eu1.ppe-hosted.com
- TXT
-
Show 13 TXT records
KR+osAfGN8FC6Jc/wJhXAFEZR4aPJSZlOjtYI+lGxTYbqohnxiHlzKxFKWYNA81FJWH96e/0WLidyRL+7dUS+w==MS=DF9C40422DC25BD421ECBFBF1CE1F737AF9A27BAMS=ms88579881Validity-Domain-Verification=aFyHATGsncgAWPW3N4f4CZyoLcU=apple-domain-verification=k4mZIOl1NCZ5EcFTgoogle-gws-recovery-domain-verification=39282665google-site-verification=-nUJCVNs_JdJIQBqhetu9zjN7LGMf0ZhD3PdfkgyXKMgoogle-site-verification=mm5vsI9tT_YoT-HuCVZXfanqXc_3e0bXmWTd8v1zVKohibp-verify=dweb_mnfiznpmpoasw2ruj2mh9i99pardot1022683=26405c68a6c18ab2382db9a288b786b133b5f01d12c73e7e76d5973def17b534ppe-3a0049077c4d80d3caaffafbbd8926cc5d868556sending_domain1022683=970f8fdc35e4d55d1305a13bb24b24cadd7adb9d6dc6ca70ac64b91e9fc9b3a8validity-domain-monitoring=WSevRnIp0goRipYT2WVQ5qTN6
Email authentication strong
- SPF
-
v=spf1 redirect=y.co.hosted.spf-report.comno all qualifier - DMARC
-
v=DMARC1;p=reject;pct=10;rua=mailto:acb34262@mxtoolbox.dmarc-report.com,mailto:dmarc@y.co,mailto:dmarc_agg@dmarc.everest.email;ruf=mailto:acb34262@forensics.dmarc-report.com,mailto:dmarc@y.co,mailto:dmarc_fr@dmarc.everest.emailpolicy: reject (enforced) · pct=10 - DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjTIXZjy/pmhMD5a51tRNqWrfaNl+RImR849YnLTU6QwZ6gb9lUZLTA4U2oZq5sVvZZORBJtgqshk7Qyp+6m… - selector2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLsihIHUCd+phGU4zGuA/Z+2SqosTm+6YA6woo3a8oV+/YN+OpqvtD65XGMZ7uY0VtxO1qwxjhr2QH… - k2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed - selector1:
Certificate (current)
R13
Expires in 60 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-embedder-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
Header values
- referrer-policy
strict-origin-when-cross-origin- permissions-policy
geolocation=(), microphone=(), camera=(), fullscreen=(self)- x-content-type-options
nosniff- content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-assets.y.co https://www.googletagmanager.com https://*.clarity.ms https://*.pardot.com https://*.vimeocdn.com https://player.vimeo.com https://f.vimeocdn.com https://www.gstatic.com https://bat.bing.com http://go.y.co https://go.y.co https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.google-analytics.com https://cht-srvc.net https://*.livechatinc.com https://*.cloudflareinsights.com https://*.usercentrics.eu https://*.zapier.com https://charter-ai-yco.zapier.app https://charter-ai-yco-public.zapier.app https://api.mapbox.com; style-src 'self' 'unsafe-inline' https://cdn-assets.y.co https://*.livechatinc.com https://api.mapbox.com; img-src 'self' data: https://cdn-assets.y.co https://*.mapbox.com https://video.y.co https://assets.y.co https://cdn-video.y.co https://cdn-image.y.co https://res.cloudinary.com https://www.google.co.uk/ads/ga-audiences https://bat.bing.net https://bat.bing.com https- strict-transport-security
max-age=31536000- cross-origin-opener-policy
same-origin-allow-popups- cross-origin-embedder-policy
unsafe-none- cross-origin-resource-policy
cross-origin