caixabankdualiza.es

.es crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 2368 ms crawled 2026-05-19

US · 45.60.34.133 · AS19551 Incapsula Inc

Reputation 100/100

Classifying

HTML metadata

Title: Caixabank Dualiza - Formación Profesional Dual
Description: La Fundación CaixaBank Dualiza promueve la Formación Profesional a través del apoyo a los docentes y al alumnado.
Language: es
Canonical: https://www.caixabankdualiza.es/

Open Graph

url: https://www.caixabankdualiza.es/
title: Caixabank Dualiza - Formación Profesional Dual
locale: es_ES
site name: Caixabank Dualiza
description: La Fundación CaixaBank Dualiza promueve la Formación Profesional a través del apoyo a los docentes y al alumnado.

Technology

Server: nginx
CMS: WordPress

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

DNS records live

NS

ns1.lacaixa.com
ns2.lacaixa.com

MX

10 mxa-0027ec02.gslb.pphosted.com
10 mxb-0027ec02.gslb.pphosted.com

TXT

91a26ee4-bf38-4583-bfba-fe5e78fb2515
MwEKpfvVB1kNwgho8zqlUN49nCshnxNkpVYohbXv3hNpkd63thK67HcO3fSo+emHV3IyP3EZSlQdoRFtMLP0+Q==
Ls5T1ZKqcwJHPsBIKABMj9Ge2KlOXvce7DfVc5lMNXSmwCApTRbBjf7BtYFNuVjYlFn0JToQY60DsFClsH/SaQ==

Verified for

Microsoft 365

Email authentication strong

SPF: v=spf1 include:spf-0027ec02.pphosted.com ip4:212.89.1.128 -all
strict (-all)
DMARC: v=DMARC1;p=reject;fo=1;rua=mailto:caixa-bank@rua.agari.com,mailto:dmarc_rua@emaildefense.proofpoint.com;ruf=mailto:caixa-bank@ruf.agari.com,mailto:dmarc_ruf@emaildefense.proofpoint.com
policy: reject (enforced)
DKIM: no key found at common selectors

Certificate (current)

COMODO RSA Organization Validation Secure Server CA

from 2025-09-23 to 2026-09-24

Expires in 126 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.caixabankdualiza.es/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: same-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adtrafficquality.google connect.facebook.net *.google.es *.google.com *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.metricool.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; img-src 'self' data: *.adtrafficquality.google www.facebook.com *.ytimg.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.es *.google-analytics.com *.gstatic.com *.adsensecustomsearchads.com *.gravatar.com *.metricool.com; font-src 'self' data: *.gstatic.com; connect-src 'self' *.adtrafficquality.google *.google-analytics.com *.google.com *.doubleclick.net *.hcaptcha.com *.googlesyndication.com; frame-src 'self' blob: *.adtrafficquality.google *.doubleclick.net *.youtube.com *.adsensecustomsearchads.com *.google.com *.googletagmanager.com *.hcaptcha.com; frame-ancestors 'self';
strict-transport-security: max-age=31536000
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: same-site

Links to (12)

Linked from (7)