anqa-itsecurity.de
anqa-itsecurity.de
HTML metadata
Technology
- Server
- Apache
- CMS
- WordPress
Social
Contact
Registration
- Updated
- 2025-08-25
- Name servers
-
- docks08.rzone.de.
- shades03.rzone.de.
DNS records live
- NS
-
- docks08.rzone.de
- shades03.rzone.de
- MX
-
- 10 mailscan.network-box.eu
- 20 de.cloud.network-box.com
- TXT
-
hibp-verify=dweb_39z2oq3glxieqme5ez5vhyew
- Verified for
-
- Brevo
Email authentication partial
- SPF
-
v=spf1 a:egs.anqa-security.de include:_spf.strato.com include:spf.mailjet.com a mx ip4:185.244.167.33/32 ip4:62.113.224.160/28 ip4:85.215.207.30/32 include:spf.berg.net include:spf.protection.outlook.com -allstrict (-all) - DMARC
-
v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.compolicy: none (monitoring only) - DKIM
-
- mail:
k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…
selectors probed - mail:
Certificate (current)
Sectigo Public Server Authentication CA DV R36
Expires in 172 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- weak frame protection
- weak content type protection
Header values
- referrer-policy
strict-origin-when-cross-origin, strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN, SAMEORIGIN- permissions-policy
private-state-token-redemption=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com"), private-state-token-issuance=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com")- x-content-type-options
nosniff, nosniff- content-security-policy
default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'inline-speculation-rules' https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com https://svrdntfctn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com https:; frame-src 'self' https://www.google.com https://maps.google.com; media-src 'self' https:; manifest-src 'self'; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content;, default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'inline-speculation-rules' https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com https://svrdntfctn.com; style-src 'sel- strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains