cabicattaneo.it
HTML metadata
Technology
- Server
- nginx
- jQuery
- 3.3.1 known XSS (<3.5)
- Fonts
-
- Google Fonts
Third-party hosts loaded (4)
- stackpath.bootstrapcdn.com×2
- cdnjs.cloudflare.com×1
- code.jquery.com×1
- fonts.googleapis.com×1
Contact
DNS records live
- NS
-
- ns1.myvdc.it
- ns2.myvdc.it
- MX
-
- 15 mx-01-eu-central-1.prod.hydra.sophos.com
- 20 mx-02-eu-central-1.prod.hydra.sophos.com
- TXT
-
sophos-domain-verification=80e4ca606e923dd45f3c8ff02b67edbffb2a0f46v=DMARC1; pct=100; p=none; adkim=r; aspf=rMS=88F2A116E1200C742DE1FDDD731080412B0618FB
Email authentication strong
- SPF
-
v=spf1 include:_spf.prod.hydra.sophos.com -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; pct=100;policy: reject (enforced) - DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 48 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- permissions-policy
geolocation=(), microphone=(), camera=()- x-content-type-options
nosniff- content-security-policy
default-src * data: blob: filesystem:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem:; style-src * 'unsafe-inline' data: blob: filesystem:; img-src * data: blob: filesystem:; font-src * data: blob: filesystem:; media-src * data: blob: filesystem:; object-src *; frame-src 'self' * blob:; worker-src * blob:;- strict-transport-security
max-age=15768000; includeSubDomains
Linked from (1)
Use this data via API
Everything on this page for cabicattaneo.it is available as JSON from the indexo.dev REST & MCP API.
curl "https://indexo.dev/api/v1/domains/cabicattaneo.it" \ -H "X-API-Key: idx_..."