indexo.dev

badminton-most.cz

.cz crawl

First seen 2026-06-01 · Last seen 2026-06-01 · ok HTTP/1.1 200 281 ms crawled 2026-06-01

CZ · 62.109.154.40 · AS29134 Webglobe, s.r.o.

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
Badminton Most - TJ Baník Most
Language
cs

Technology

Server
nginx

Third-party hosts loaded (1)

  • www.google.com×2

Social

Contact

Email
Phone

DNS records live

NS
  • ns.onebit.cz
  • ns.onebit.eu
  • ns.onebit.org
MX
  • 0 mx10.onebit.cz
  • 10 mx10.onebit.eu

Email authentication strong

SPF
v=spf1 mx include:_spf.onebit.cz ~all
softfail (~all)
DMARC
v=DMARC1; p=reject; rua=mailto:info@badminton-most.cz!5m; ruf=mailto:info@badminton-most.cz; rf=afrf; pct=100
policy: reject (enforced)
DKIM
  • default: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWM9s4woJfIcdHF3QtXPmiv4AWvIxTH/a7jj6GoXieDXtDabEmA9+i0lO07q5HkYYtaMieZW+4q/JnXFgJ4n…
selectors probed

Certificate (current)

R12
from 2026-03-30 to 2026-06-28
Expires in 25 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://badminton-most.cz/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src 'self';connect-src 'self' ;font-src 'self' data:;style-src 'self' 'unsafe-inline';script-src 'self' 'nonce-IE6k6MBq/1MEyp5j8+5T3XWz0s14XuNAIZWt7wmclsw=' 'strict-dynamic';script-src-attr 'self' 'unsafe-inline';img-src 'self' data: blob: https://i.ytimg.com *.rajce.idnes.cz;base-uri 'self';form-action 'self';frame-src https://www.youtube.com https://www.google.com https://maps.google.com https://www.badminton-most.cz https://badminton-most.cz;frame-ancestors 'self';manifest-src 'self';object-src 'none';

Links to (8)

Linked from (1)