atac.roma.it
atac.roma.it
HTML metadata
Technology
- Cookie consent
-
- Cookiebot
Third-party hosts loaded (2)
- kendo.cdn.telerik.com×3
- consent.cookiebot.com×1
Social
Contact
- Phone
DNS records live
- NS
-
- dnsso1.interbusiness.it
- dnsso4.interbusiness.it
- ns0.atac.roma.it
- ns1.atac.roma.it
- MX
-
- 1 aspmx.l.google.com
- 10 alt3.aspmx.l.google.com
- 10 alt4.aspmx.l.google.com
- 5 alt1.aspmx.l.google.com
- 5 alt2.aspmx.l.google.com
- TXT
-
_5sdoz7g70gf7f0csxm9x2gcwf1szjl4_g6uohu6zgs7pxquf35pugy22u1wwsrcactalis-dcv=7em21vo4gq8ol4e8b04628a13b
- Verified for
-
- Apple
- Microsoft 365
Email authentication partial
- SPF
-
v=spf1 a mx ip4:85.18.198.48 ip4:85.18.198.53 ip4:85.18.198.57 include:_spf.google.com -allstrict (-all) - DMARC
-
v=DMARC1; p=none; rua=mailto:admin@atac.roma.itpolicy: none (monitoring only) - DKIM
-
- google:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+sbQdh5T1KfKguMx1WX8p80ohkfQ+54DfqCeKa9S824lAY+VNFozxIVCqp0gkYOInAKdowk7jzLnQgeegcM…
selectors probed - google:
Certificate (current)
GeoTrust TLS RSA CA G1
Expires in 123 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-embedder-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
no-referrer-when-downgrade- x-frame-options
SAMEORIGIN- permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)- x-content-type-options
nosniff- content-security-policy
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.atac.roma.it atac.roma.it viaggiafacile.superdriver.it viaggiacon.atac.roma.it *.fontawesome.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://static.queue-it.net/ https://assets.queue-it.net/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://atac.queue-it.net/ https://ingestion.webanalytics.italia.it/ *.cdn.telerik.com https://cdn.perfdrive.com/aperture/aperture.js cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://js.arcgis.com 'self' web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eva- strict-transport-security
max-age=31536000; includeSubDomains- cross-origin-opener-policy
unsafe-none- cross-origin-embedder-policy
unsafe-none- cross-origin-resource-policy
cross-origin