afigal-online.es
HTML metadata
Technology
Third-party hosts loaded (1)
- kit.fontawesome.com×1
Social
DNS records live
- NS
-
- ns.dinahosting.com
- ns2.dinahosting.com
- ns3.dinahosting.com
- ns4.dinahosting.com
- MX
-
- 10 mail.afigal-online.es
- TXT
-
3ckbgxhtycr7c5kxzqgx6ng20khj9749
Email authentication partial
- SPF
- not published
- DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
Thawte EV RSA CA G2
Expires in 117 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- weak frame protection
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN- permissions-policy
camera=(), microphone=(), geolocation=(), fullscreen=*- x-content-type-options
nosniff- content-security-policy
default-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' sgrs:; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data:; img-src 'self' data: https: https://*.openstreetmap.org/ https://*.agenciatributaria.gob.es/; connect-src 'self' https: wss:; frame-src 'self' afirma: sgrs: https://*.google.com/ https://*.google.es/ https://*.youtube.com/ https://*.signaturit.com/ https://*.pinterest.com/ https://*.weborama.fr/; frame-ancestors 'self' https:; form-action 'self' https:; base-uri 'self'; object-src 'self'- strict-transport-security
max-age=63072000; includeSubDomains; preload;
Links to (7)
- bde.es×2
- cersa-sme.es×2
- cesgar.es×2
- conavalsi.com×2
- facebook.com×2
- sgrsoft.es×2
- twitter.com×2