indexo.dev

bimsplus24.pl

.pl crawl

First seen 2026-05-27 · Last seen 2026-05-30 · ok HTTP/1.1 200 303 ms crawled 2026-05-30

DE · 185.111.170.113 · AS204147 Cordes & Graefe KG

Reputation 95/100 weak security headers

Classifying

HTML metadata

Language
de

Technology

Stack
ASP.NET

DNS records live

NS
  • ns.europe.adacor.net
  • ns.global.adacor.net
  • ns5.adacor.net
MX
  • 0 bimsplus24-pl.mail.protection.outlook.com
TXT
  • mojecertpl-site-verification-Hp7F42Niir86NxbW7oeTTHW8IWZjdkDO
Verified for
  • Microsoft 365

Email authentication strong

SPF
v=spf1 mx ip4:185.111.169.10 ip4:185.111.169.12 ip4:185.111.169.29 ip4:185.111.170.23 include:spf.protection.outlook.com -all
strict (-all)
DMARC
v=DMARC1;p=quarantine;aspf=r
policy: quarantine
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8c8P2R6xcxF+s/TMRKXls5caBUcngUaYg0dbcZ3oW2Jzbqfzlu7pOY271etD6m7blfCleWCi+HXaz…
selectors probed

Certificate (current)

GlobalSign GCC R3 DV TLS CA 2020
from 2026-02-09 to 2027-03-13
Expires in 286 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://bimsplus24.pl/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://script.hotjar.com https://www.datadoghq-browser-agent.com/ https://maps.google.com/ https://maps.googleapis.com/ https://youtu.be/ https://*.usercentrics.eu/ https://*.omtrdc.net/ https://*.tt.omtrdc.net/ https://*.demdex.net/ https://cm.everesttech.net https://assets.adobedtm.com/ https://wconfigure.com/ https://at.wconfigure.com/ https://widget.itek.de/ https://widget.itek.de/ http://static.hotjar.com http://script.hotjar.com http://www.datadoghq-browser-agent.com/ http://maps.google.com/ http://maps.googleapis.com/ http://youtu.be/ http://*.usercentrics.eu/ http://*.omtrdc.net/ http://*.tt.omtrdc.net/ http://*.demdex.net/ http://cm.everesttech.net http://assets.adobedtm.com/ http://wconfigure.com/ http://at.wconfigure.com/ http://widget.itek.de/ http://widget.itek.de/; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://wconfigure.com/ https:

Links to (5)

Linked from (1)