amundi.cz
amundi.cz
HTML metadata
Technology
- Server
- nginx
- CMS
- Drupal
Third-party hosts loaded (2)
- static.amundi.com×28
- tag.aticdn.net×1
Social
DNS records live
- NS
-
- chenar.credit-agricole.fr
- ramses.credit-agricole.fr
Email authentication no MX
- SPF
-
v=spf1 -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; sp=reject; rua=mailto:rua@dmarc.ca-gip.fr; adkim=r; aspf=r;policy: reject (enforced) · sp=reject - DKIM
- no key found at common selectors
Certificate (current)
Sectigo Public Server Authentication CA OV R36
Expires in 252 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
img-src 'self' https://pbs.twimg.com https://*.amundi.com https://*.intramundi.com https://metrics.brightcove.com https://cf-images.eu-west-1.prod.boltdns.net data: https://logs1412.xiti.com/hit.xiti https://px.ads.linkedin.com https://www.linkedin.com/px/li_sync https://px.ads.linkedin.com/collect https://www.facebook.com https://px4.ads.linkedin.com https://res.cloudinary.com https://*.hotjar.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tag.aticdn.net/*/smarttag.js blob: https://view.ceros.com/ cdn.jsdelivr.net https://cdn.amcharts.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://static.amundi.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://platform.twitter.com https://*.amundi.com https://*.intramundi.com https://players.brightcove.net https://vjs.zencdn.net https://view.ceros.com https://t- strict-transport-security
max-age=63072000; includeSubDomains; preload