indexo.dev

carletto.ch

.ch crawl

First seen 2026-05-11 · Last seen 2026-05-11 · ok HTTP/1.1 200 5845 ms crawled 2026-05-17

CH · 217.26.51.8 · AS29097 Hostpoint AG

Reputation 89/100 weak security headers dmarc monitor-only

Classifying

HTML metadata

Title
Carletto AG
Language
de-de
Translations
  • de-de
  • en-gb
  • fr-fr

Open Graph

url
https://carletto.ch/de/
title
Carletto AG
locale
de_DE
site name
Carletto AG

Technology

Server
Apache
CMS
Joomla
Analytics
  • Google Tag Manager
Fonts
  • Google Fonts

Third-party hosts loaded (3)

  • fonts.googleapis.com×2
  • www.googletagmanager.com×2
  • www.google.com×1

Contact

Email
Phone

DNS records live

NS
  • bethany.ns.cloudflare.com
  • dave.ns.cloudflare.com
MX
  • 10 carletto-ch.mail.protection.outlook.com
TXT
  • MS=ms19746710

Email authentication partial

SPF
v=spf1 a mx include:spf.nl2go.com include:sendgrid.net include:spf.protection.outlook.com -all
strict (-all)
DMARC
v=DMARC1; p=none
policy: none (monitoring only)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wqif/eoG2d2j0EcidSlGdDdnG5l6nWsvDfiKA3rLl/4BNiKPd1PNshfd6VaPNHfpokysBz6xGybFm…
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmAaXrO/9YhCO4Yf6E14axWtUpUohFn6c99vEP/7zz/mApYexNEq0JHQ/gvMsHYB/k3HINkIU4/Qcx7w1s…
  • s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAte2fB2qPH8pOhJmbb7hOkDxuh747fl5OKDCAMHuVW3u1aN3NzH0p7BcFMoSzHJfX9mjDXtkA2yE8KRHTbx…
selectors probed

Certificate (current)

R12
from 2026-05-01 to 2026-07-30
Expires in 71 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://carletto.ch/de/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src 'self' 'unsafe-inline'; img-src https://carletto.ch/ data:; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/

Linked from (1)