indexo.dev

appel.at

.at crawl

First seen 2026-06-02 · Last seen 2026-06-03 · ok HTTP/1.1 200 993 ms crawled 2026-06-03

DE · 78.46.26.11 · AS24940 Hetzner Online GmbH

Reputation 87/100 weak security headers no dmarc policy

Classifying

HTML metadata

Title
Startseite | Appel GmbH
Language
de-AT
Generator
TYPO3 CMS
Canonical
https://www.appel.at/

Open Graph

image:url
https://www.appel.at/fileadmin/_processed_/a/c/csm_Appel_Logo_weit_da4b90e042.jpg

Technology

Server
nginx

Social

Contact

Email
Phone

DNS records live

NS
  • dns1.a1.net
  • dns2.a1.net
  • dns3.a1.net
MX
  • 20 mail.appel.at
Verified for
  • Microsoft 365

Email authentication weak

SPF
v=spf1 a mx a:mail4.leeb-gmbh.com -all
strict (-all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

R12
from 2026-05-17 to 2026-08-15
Expires in 71 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.appel.at/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src 'self' *.hcaptcha.com; script-src 'self' *.facebook.net *.hcaptcha.com hcaptcha.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.facebook.com *.instagram.com *.hcaptcha.com; font-src 'self' *.hcaptcha.com data:; frame-ancestors 'none'; form-action 'self'; report-uri https://www.appel.at/@http-reporting?csp=report&requestTime=1780387657757449&requestHash=07b10453fc8de1a163550078dff8c8e0908382b7

Links to (3)

Linked from (1)