bkk-herkules.de

.de crawl

First seen 2026-04-21 · Last seen 2026-05-15 · ok HTTP/1.1 200 6805 ms crawled 2026-05-15

DE · 212.53.215.62 · AS8893 Artfiles New Media GmbH

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title: BKK Herkules - Ausgezeichnete Gesundheitsleistungen
Description: Die Krankenkasse BKK Herkules bietet eine Vielzahl an Zuschüssen für Gesundheitsleistungen, die Versicherte normalerweise privat bezahlen müssen: Fitnessstudio, Zahnreinigung, Massagen und mehr + individuelle Beratung durch persönliche Ansprechpartner.
Language: de
Generator: TYPO3 CMS
Canonical: https://www.bkk-herkules.de/

Open Graph

url: https://www.bkk-herkules.de/
title: BKK Herkules
image:url: https://www.bkk-herkules.de/fileadmin/themes/herb/img/open-graph.png
site name: BKK Herkules
description: Die Krankenkasse BKK Herkules bietet eine Vielzahl an Zuschüssen für Gesundheitsleistungen, die Versicherte normalerweise privat bezahlen müssen: Fitnessstudio, Zahnreinigung, Massagen und mehr + individuelle Beratung durch persönliche Ansprechpartner.

Technology

Server: Apache

Third-party hosts loaded (1)

cdn.eye-able.com×2

Social

Contact

Phone

+0561208550

Registration

Updated

2026-05-10

Name servers

auth1.artfiles.de.
auth2.artfiles.de.

DNS records live

NS

auth1.artfiles.de
auth2.artfiles.de

MX

10 hermes.gkvsc.de
10 hermes2.gkvsc.de

TXT

MS=15243B8672C47F67C7E3EB50BD2329F62A66004B

Verified for

Google

Email authentication weak

SPF: v=spf1 a mx ~all
softfail (~all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-05-10 to 2026-08-08

Expires in 80 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.bkk-herkules.de/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(self), camera=(self), microphone=(self), fullscreen=(self), autoplay=(self), accelerometer=(self), gyroscope=(self), magnetometer=(self)
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com js.adsrvr.org insight.adsrvr.org *.gwq-serviceplus.de https://connect.facebook.net/ https://load.smart-rechner.de https://www.weglot.com/ https://cdn.weglot.com/ https://cdn.weglot.com/weglot.min.js https://app-premium.onlim.com/ https://storage-premium.onlim.com/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://hilfsmittel.gwq-serviceplus.de/ *.eye-able.com https://cdn.eye-able.com/ https://www.googletagmanager.com/ https://consent.cookiebot.eu/ https://consentcdn.cookiebot.eu/; style-src 'report-sample' 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.googletagmanager.com https://load.smart-rechner.de/ https://cdn.weglot.com/ https://app-premium.onlim.com/ https://storage-premium.com/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://hilfsmittel.gwq-serviceplus.de/ https://cdn.eye-able.com/ *.go
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site

Links to (11)

Linked from (1)

ksv-baunatal.de×2