altana.de

.de crawl

First seen 2026-04-15 · Last seen 2026-05-13 · ok HTTP/1.1 200 834 ms crawled 2026-05-10

US · 150.171.109.36 · AS8075 Microsoft Corporation

Reputation 100/100

Classifying

HTML metadata

Title: Global führend in reiner Spezialchemie - ALTANA AG
Description: ALTANA AG
Language: de
Generator: TYPO3 CMS

Technology

CDN: Azure Front Door
CMS: Joomla

Third-party hosts loaded (1)

altanadecdn.azureedge.net×31

Registration

Updated

2026-02-19

Name servers

ns1-09.azure-dns.com.
ns2-09.azure-dns.net.
ns3-09.azure-dns.org.
ns4-09.azure-dns.info.

DNS records live

NS

ns1-09.azure-dns.com
ns2-09.azure-dns.net
ns3-09.azure-dns.org
ns4-09.azure-dns.info

MX

10 smail-alt-mta1.dts-security.de
10 smail-alt-mta2.dts-security.de

TXT

google-site-verification=7ZwYR-fuD79kcUlL1nIDAfGawjN5ZQTi7vcYxQYwBt8
MS=ms75565383

Email authentication strong

SPF: v=spf1 include:spf.protection.outlook.com ip4:62.75.140.105 ip4:62.75.140.106 include:spf1.dts-security.de -all
strict (-all)
DMARC: v=DMARC1; p=reject; rua=mailto:dmarc_agg@vali.email;
policy: reject (enforced)
DKIM: no key found at common selectors

Certificate (current)

GeoTrust TLS RSA CA G1

from 2026-03-18 to 2026-09-19

Expires in 123 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.altana.de/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: script-src 'self' 'unsafe-inline' altanacomcdn.azureedge.net altanadecdn.azureedge.net *.azureedge.net *.choice.faktor.io cmp.faktor.mgr.consensu.org *.privacymanager.io *.google.com *.gstatic.com maps.googleapis.com *.recruitmentplatform.com *.etracker.com *.etracker.de *.googletagmanager.com api.signalize.com *.consentmanager.net *.googleapis.com *.easy-feedback.com *.vimeo.com vimeo.com *.stripe.com *.paypal.com; default-src 'self' 'unsafe-inline' maps.googleapis.com maps.gstatic.com *.etracker.com *.etracker.de *.googletagmanager.com api.signalize.com *.google.com *.consentmanager.net *.googleapis.com *.easy-feedback.com *.google-analytics.com *.azureedge.net *.juicer.io *.vimeo.com vimeo.com *.stripe.com *.paypal.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com *.consentmanager.net *.azureedge.net *.vimeo.com; form-action 'self' *.paypal.com;
strict-transport-security: max-age=31536000; includeSubDomains; preload; always;