awo-herzensjob.de
HTML metadata
Technology
- CMS
- Gatsby
Registration
- Updated
- 2023-06-29
- Name servers
-
- docks03.rzone.de.
- shades19.rzone.de.
DNS records live
- NS
-
- docks03.rzone.de
- shades19.rzone.de
- MX
-
- 5 smtpin.rzone.de
- TXT
-
0h5dfs64lx8h8vrx8447n5ttqxhwh8q4
Email authentication strong
- SPF
- not published
- DMARC
-
v=DMARC1;p=reject;policy: reject (enforced) - DKIM
- no key found at common selectors
Certificate (current)
DigiCert Global G2 TLS RSA SHA256 2020 CA1
Expires in 51 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- missing frame protection
Header values
- referrer-policy
strict-origin-when-cross-origin- permissions-policy
accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=(self), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), hid=(), idle-detection=(), serial=()- x-content-type-options
nosniff- content-security-policy
default-src https: data: blob: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; worker-src 'self' https: blob:; base-uri 'self'; frame-ancestors 'self' stellenanzeigen.de iframetester.com ;- strict-transport-security
max-age=15552000; includeSubDomains; preload