billa.at
HTML metadata
Technology
- Server
- istio-envoy
- CMS
- Nuxt
- Analytics
-
- Google Tag Manager
- Cookie consent
-
- OneTrust
Third-party hosts loaded (5)
- assets-eu-01.kc-usercontent.com×38
- assets.adobedtm.com×1
- cdn.cookielaw.org×1
- images.cdn.europe-west1.gcp.commercetools.com×1
- www.googletagmanager.com×1
Social
Contact
- Phone
DNS records live
- NS
-
- ns-cloud-c1.googledomains.com
- ns-cloud-c2.googledomains.com
- ns-cloud-c3.googledomains.com
- ns-cloud-c4.googledomains.com
- MX
-
- 10 mxa-009d0501.gslb.pphosted.com
- 10 mxb-009d0501.gslb.pphosted.com
- TXT
-
Show 14 TXT records
6lsEtqKe9PCL85tFnsqMGTVTd3rPrpj8V8Z+LucqtRbR7aa8c6ZxMndSP1bD0USIXcIsJqOqhQCl4NUoycW0PQ==MS=ms86534945iiHkmY4jmKcMB7KELa58Epum+g9Ni5NPZiykh6krpszE7zueVJURKGv6AuZ6ItroxvKCW4nmjtOHhSE5hb0x4Q==atlassian-domain-verification=rWCxzKFqoqrbYzN9TZpsXZUsSVjOaRMh3aR8UL7wwXCMbz8zFYvlZEFPrAhY1tdNgoogle-site-verification=48PQTmEbuedGvtM_-YvCgEK4kcv-kNjYmVgUJINsE4spinterest-site-verification=f1fbe99f3413f03eb1048b257a0a0c50_globalsign-domain-verification=OLNe_-e1DFI6vOELVhpr8bxGY9rnbcIAu6pq4rWQ3D992kxtrdr5sgztdt8xmssmhczjh8w57smiro-verification=8780c558883d65a14d9e43255cece5aa6015f3d3docusign=be311172-87bf-4985-b79f-98e2517931a2globalsign-domain-verification=adfb318f4fd181d4e64c6836b5fca44fciscocidomainverification=19df7a012368615887de8c769fea3c922ad7721d4e975526a918805c3997bb78google-site-verification=FmG1A8hh6bA7mE_HpVRWoli5O8kNGdKwQ2MjuBLg-T4MS=ms18926729
Email authentication partial
- SPF
-
v=spf1 include:spf-009d0501.pphosted.com include:spf.rewe-group.at ip4:146.255.58.35 ip4:193.169.76.0/23 ip4:80.228.117.0/24 include:spf.protection.outlook.com include:spf.dialog-mail.com include:spf.eu.odmad.quest-on-demand.com -allstrict (-all) - DMARC
-
v=DMARC1; p=none; pct=100; rua=mailto:re+dgnqpnpcxxc@dmarc.postmarkapp.com; sp=none; aspf=r;policy: none (monitoring only) · sp=none - DKIM
- no key found at common selectors
Certificate (current)
WR3
Expires in 40 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- permissions-policy
camera=(), display-capture=(), fullscreen=(self self self), geolocation=(self self self), microphone=()- x-content-type-options
nosniff- content-security-policy
base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://payment.preprod.payone.com https://payment.payone.com 'self' https://payment.preprod.payone.com https://payment.payone.com 'self' https://payment.preprod.payone.com https://payment.payone.com; frame-ancestors https://app.kontent.ai https://app.kontent.ai https://app.kontent.ai; img-src 'self' data: https: 'self' data: https: 'self' data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https: 'unsafe-inline' 'unsafe-eval' https: 'unsafe-inline' 'unsafe-eval' https:; upgrade-insecure-requests;- strict-transport-security
max-age=31536000; includeSubDomains; preload- cross-origin-opener-policy
same-origin- cross-origin-resource-policy
cross-origin
Links to (13)
- apple.com×1
- billareisen.at×1
- facebook.com×1
- google.com×1
- instagram.com×1
- joe-club.at×1
- joe-reisen.at×1
- pinterest.com×1
- rewe-group.at×1
- spotify.com×1
- tiktok.com×1
- twitter.com×1
- youtube.com×1