baywa-re.de

HTML metadata

Title

BayWa r.e. ist Ihr Partner für die Zukunft der Energie

Description

As a full service provider we support our customers and partners in all areas concerning renewable energy. Explore our portfolio!

Language

de

Canonical

/de

Translations

de
en

Open Graph

url: /de
locale: de_DE

Technology

CDN: Cloudflare
CMS: Nuxt

Third-party hosts loaded (3)

images.admiralcloud.com×4
a.storyblok.com×2
consent-eu.cookiefirst.com×1

Social

Registration

Updated

2022-12-09

Name servers

alexis.ns.cloudflare.com.
dorthy.ns.cloudflare.com.

DNS records live

NS

alexis.ns.cloudflare.com
dorthy.ns.cloudflare.com

MX

10 mx01.hornetsecurity.com
20 mx02.hornetsecurity.com
30 mx03.hornetsecurity.com
40 mx04.hornetsecurity.com
50 bayware-de01c.mail.protection.outlook.com

TXT

mindmanager-verification=171012c9a16ba9158fb7346114456e749ff67ae83747af444ea7f5bc7c6c5ebe
vEjxnXT9QYL9L7QjYLtLhBt+Pr9T2SHwvVy0n6HCsOAAhyoe9Zep/o0nVsjSb/KA1UCWSLvtyrtLvQnyb11TIw==

Verified for

Atlassian
Google

Email authentication strong

SPF

v=spf1 mx ip4:212.117.71.249 ip4:88.99.251.68 include:spf.protection.outlook.com include:spf.regioit.de include:spf.hornetsecurity.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:dmarc_agg@vali.email

policy: quarantine

DKIM

selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoyYXGL4hTeAjPMTdJm9nf63w+f8YQzFOooA3bCRwxedylfo3E2OtNYpANKu5yxNoYO1VkXi9u2/Nw17PS7…

selectors probed

Certificate (current)

WE1

from 2026-04-11 to 2026-07-10

Expires in 51 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.baywa-re.de/de

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection

Header values

referrer-policy: no-referrer
x-frame-options: ALLOW-FROM storyblok.com
permissions-policy: camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=()
x-content-type-options: nosniff
content-security-policy: base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: *.storyblok.com *.baywa-re.com *.bayware-webdev.com images.admiralcloud.com imagebasics.admiralcloud.com *.googleapis.com maps.gstatic.com tm.baywa-re.com consent.cookiefirst.com https://www.google.de https://www.google.com https://google.com https://www.facebook.com googletagmanager.com *.googletagmanager.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://region1.analytics.google.com *.google-analytics.com https://t.co https://analytics.twitter.com *.g.doubleclick.net www.googleadservices.com pagead2.googlesyndication.com fonts.gstatic.com; object-src 'none'; script-src-attr 'self' 'unsafe-hashes' 'sha256-bwK6T5wZVTANitXbrTsel7kl/PyCjCd/Dq5Qoz3imjM='; style-src 'self' https: 'unsafe-inline' images.admiralcloud.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' player.admiralcloud.com https://errors.dkd.de; upgrade-insecure
strict-transport-security: max-age=15552000; includeSubDomains
cross-origin-opener-policy: same-origin