bb-ballon.ch

.ch crawl

First seen 2026-05-29 · Last seen 2026-05-29 · ok HTTP/1.1 200 238 ms crawled 2026-05-31

CH · 217.26.52.23 · AS29097 Hostpoint AG

Reputation 84/100 spf without fallback no dmarc policy

Classifying

HTML metadata

Title

bb-ballon.ch – Home

Description

your Benno Betschart Ballonfahrten

Language

Generator

CMSimple_XH 1.8 2024121101 - www.cmsimple-xh.org

Canonical

https://domain.tld/

Translations

Technology

Server: Apache
CMS: Joomla 1.8
jQuery: 1.12.4 known XSS (<3.5)

Third-party hosts loaded (1)

domain.tld×3

Contact

Email

info@bb-ballon.ch

Phone

+41 79 296 57 06

DNS records live

NS

ns.hostpoint.ch
ns2.hostpoint.ch
ns3.hostpoint.ch

MX

10 mx1.mail.hostpoint.ch
10 mx2.mail.hostpoint.ch

Email authentication weak

SPF: v=spf1 redirect=spf-permissive.mail.hostpoint.ch
missing all
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-04-26 to 2026-07-25

Expires in 54 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://bb-ballon.ch/

present

content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-resource-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles

Header values

referrer-policy: same-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(), camera=(self), clipboard-read=(), clipboard-write=(), cross-origin-isolated=(self "https://www.youtube.com" "https://www.youtube-nocookie.com"), display-capture=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), gamepad=(self), geolocation=(self), gyroscope=(self), interest-cohort=(), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(), payment=(self), picture-in-picture=*, publickey-credentials-get=(self), screen-wake-lock=(self), speaker-selection=(self), sync-xhr=(), usb=(self), web-share=(self), xr-spatial-tracking=(self)
x-content-type-options: nosniff
content-security-policy: default-src 'self'; base-uri 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src https://www.youtube.com https://www.youtube-nocookie.com; img-src 'self' data: blob:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin

Links to (1)

bs-creations.ch×1

Linked from (1)

bs-creations.ch×1