indexo.dev

berg-festival.com

.com crawl

First seen 2026-05-06 · Last seen 2026-05-12 · ok HTTP/1.1 200 3682 ms crawled 2026-05-12

DE · 138.201.60.52 · AS24940 Hetzner Online GmbH

Reputation 100/100

Classifying

HTML metadata

Title
Home - BERGFESTival Saalbach
Description
Der Winter rockt, soviel ist klar. Beim BERGFESTival in Saalbach erwarten euch großartige Bands vor einer verschneiten Kulisse.
Language
de
Generator
WordPress 6.9.4
Canonical
https://www.berg-festival.com/
Feeds

Open Graph

url
https://www.berg-festival.com/
title
BERGFESTival
locale
de_DE
site name
BERGFESTival Saalbach
description
Der Winter rockt, soviel ist klar. Und in Saalbach beim BERGFESTival erst richtig. Wir freuen uns auf großartige Bands, auf ein verschneites Saalbach & auf Euch!

Technology

Server
nginx
CMS
WordPress
Analytics
  • Google Tag Manager

Third-party hosts loaded (6)

  • mainframe.capcorn.net×2
  • s3-eu-west-1.amazonaws.com×2
  • cloud.ccm19.de×1
  • static.getclicky.com×1
  • www.facebook.com×1
  • www.googletagmanager.com×1

Social

Registration

Registrar
Ascio Technologies, Inc. Danmark - Filial af Ascio technologies, Inc. USA
Created
2013-07-11
Expires
2026-07-11 51 days left
Updated
2025-07-10
Name servers
  • root-dns.netcup.net
  • second-dns.netcup.net
  • third-dns.netcup.net

DNS records live

NS
  • root-dns.netcup.net
  • second-dns.netcup.net
  • third-dns.netcup.net
MX
  • 50 mxe989.netcup.net

Email authentication strong

SPF
v=spf1 mx a include:_spf.webhosting.systems ~all
softfail (~all)
DMARC
v=DMARC1;p=quarantine; pct=100;rua=info@berg-festival.com; ruf=info@berg-festival.com;adkim=s;aspf=r
policy: quarantine
DKIM
no key found at common selectors

Certificate (current)

R12
from 2026-03-16 to 2026-06-14
Expires in 24 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.berg-festival.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
no-referrer-when-downgrade
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), autoplay=(self), battery=(), camera=(), cross-origin-isolated=(self), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=(self), clipboard-read=(), clipboard-write=(self), gamepad=(self), speaker-selection=(self), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(self), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=(self)
x-content-type-options
nosniff
content-security-policy
default-src 'self' https: ; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval' ; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data: ; font-src * data: ; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src 'self' blob: ; frame-ancestors *; form-action 'self'; upgrade-insecure-requests; base-uri *; manifest-src *
strict-transport-security
max-age=15552123 ; includeSubDomains; preload

Links to (15)

Linked from (1)