carletto.de

.de crawl

First seen 2026-05-31 · Last seen 2026-05-31 · ok HTTP/1.1 200 752 ms crawled 2026-06-01

CH · 217.26.51.8 · AS29097 Hostpoint AG

Reputation 89/100 weak security headers dmarc monitor-only

sector other type landing page

HTML metadata

Title

Carletto GmbH

Language

de-de

Translations

Open Graph

url: https://carletto.de/de/
title: Carletto GmbH
locale: de_DE
site name: Carletto GmbH

Technology

Server: Apache
CMS: Joomla

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (3)

fonts.googleapis.com×4
www.googletagmanager.com×2
www.google.com×1

Contact

Email

info@carletto.de

Phone

+49 6074 370 40 50

Registration

Updated

2024-08-29

Name servers

bethany.ns.cloudflare.com.
dave.ns.cloudflare.com.

DNS records live

NS

bethany.ns.cloudflare.com
dave.ns.cloudflare.com

MX

10 carletto-de.mail.protection.outlook.com

Email authentication partial

SPF

v=spf1 include:spf.mail.hostpoint.ch include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=none

policy: none (monitoring only)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Oi0fwImxKcWBtkj6DFQuMeryDrIiNXbjclCmqgptCCBGUrRTWr1CvKOb/50x/Iuvs/gWoJPCMmv0L…

selectors probed

Certificate (current)

R13

from 2026-05-01 to 2026-07-30

Expires in 57 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://carletto.de/de/

present

content-security-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: default-src 'self' 'unsafe-inline'; img-src https://carletto.de/ data:; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/

Links to (1)

carletto-b2b.de×1

Linked from (1)

simonjan.de×1