avalcanarias-online.es
HTML metadata
Technology
Third-party hosts loaded (1)
- kit.fontawesome.com×1
Social
DNS records live
- NS
-
- dns35.servidoresdns.net
- dns36.servidoresdns.net
- MX
-
- 10 mx.serviciodecorreo.es
- TXT
-
84cthj90py9q7tdrckkqnyqgfvf8zjxn4psgfjxtnh5yyv5lpj3d3p0pyb31vdym8vj2nmfn9wr6jt9frsm7vmpv3qd89xyy
Email authentication weak
- SPF
-
v=spf1 include:_spf.serviciodecorreo.es ~allsoftfail (~all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
Sectigo Public Server Authentication CA EV R36
Expires in 170 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- weak frame protection
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN, SAMEORIGIN- permissions-policy
camera=(), microphone=(), geolocation=(), fullscreen=*- x-content-type-options
nosniff- content-security-policy
default-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' sgrs:; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data:; img-src 'self' data: https: https://*.openstreetmap.org/ https://*.agenciatributaria.gob.es/; connect-src 'self' https: wss:; frame-src 'self' afirma: sgrs: https://*.google.com/ https://*.google.es/ https://*.youtube.com/ https://*.signaturit.com/ https://*.pinterest.com/ https://*.weborama.fr/; frame-ancestors 'self' https:; form-action 'self' https:; base-uri 'self'; object-src 'self'- strict-transport-security
max-age=63072000; includeSubDomains; preload;
Links to (7)
- avalcanarias.es×2
- bde.es×2
- cersa-sme.es×2
- cesgar.es×2
- facebook.com×2
- sgrsoft.es×2
- twitter.com×2