indexo.dev

adac-mittelrhein.de

.de crawl

First seen 2026-04-12 · Last seen 2026-05-19 · ok HTTP/1.1 200 273 ms crawled 2026-05-19

DE · 188.40.220.75 · AS24940 Hetzner Online GmbH

Reputation 94/100 dmarc monitor-only

sector automotive type homepage

HTML metadata

Title
ADAC Ortsclubportal Mittelrhein: ADAC MRH
Language
de-DE
Generator
TYPO3 CMS
Canonical
https://adac-mittelrhein.de/

Technology

Server
Apache
jQuery
3.3.1 known XSS (<3.5)
Cookie consent
  • Cookiebot

Third-party hosts loaded (1)

  • consent.cookiebot.com×1

Social

Registration

Updated
2024-07-02
Name servers
  • cns1.alfahosting.info.
  • cns2.alfahosting.info.
  • cns3.alfahosting.info.

DNS records live

NS
  • cns1.alfahosting.info
  • cns2.alfahosting.info
  • cns3.alfahosting.info
MX
  • 10 mail.adac-mittelrhein.de
TXT
  • m5k995p721odbvk7jdh844ae8f
Verified for
  • Brevo

Email authentication partial

SPF
v=spf1 +a +mx +a:bamberg.jweiland.cloud include:spf.brevo.com include:ispgateway.de include:_spf.strato.com ip4:85.214.217.14 -all
strict (-all)
DMARC
v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.com
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

R12
from 2026-04-12 to 2026-07-11
Expires in 51 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://adac-mittelrhein.de/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
Header values
x-frame-options
SAMEORIGIN
permissions-policy
geolocation=(), camera=(), microphone=(), payment=(), fullscreen=(self), accelerometer=(), gyroscope=(), magnetometer=(), interest-cohort=()
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'nonce-YMKMOMkcjsj0XRltCaTHbi5183FxjnwW2IJ-yZ_ZbKef7xrqNKIJIw' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://consentcdn.cookiebot.com https://consent.cookiebot.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com blob: https://imgsct.cookiebot.com https://www.google.com https://www.gstatic.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://www.google.com https://consentcdn.cookiebot.com https://myrace.adacmrh.de; upgrade-insecure-requests; connect-src 'self' https://www.google.com https://www.gstatic.com https://consentcdn.cookiebot.com https://consent.cookiebot.com; form-action 'self' https://*.cleverreach.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' 'report-sample'; report-uri https://adac-mittelrhein.de/@http-reporting?csp=report&requestTime=1779225733620666&requestH
strict-transport-security
max-age=31536000; includeSubDomains; preload

Links to (9)

Linked from (4)