carolina.pl — domain check, WHOIS, DNS & reputation

HTML metadata

Title

Pierwsza liga w ortopedii - Szpital Carolina

Description

Kompleksowe leczenie schorzeń i urazów narządu ruchu: konsultacje, rehabilitacja, badanina obrazowe oraz zabiegi. Pierwsza liga w ortopedii.

Language

pl-PL

Generator

WPML ver:4.6.9 stt:1,40;

Canonical

https://carolina.pl/

Translations

en
pl

Feeds

Open Graph

url: https://carolina.pl/
title: Pierwsza liga w ortopedii - Szpital Carolina
locale: pl_PL
site name: Szpital Carolina
description: Kompleksowe leczenie schorzeń i urazów narządu ruchu: konsultacje, rehabilitacja, badanina obrazowe oraz zabiegi. Pierwsza liga w ortopedii.
updated time: 2026-05-05T12:42:21+02:00

Technology

Server: Apache
CMS: WordPress
jQuery: 1.4.1 known XSS (<3.5)

Analytics

Google Tag Manager

Third-party hosts loaded (4)

gmpg.org×1
www.facebook.com×1
www.google.com×1
www.googletagmanager.com×1

Social

Contact

Phone

+48223558200

DNS records live

NS

dns.home.pl
dns2.home.pl
dns3.home.pl

MX

0 relay2.luxmed.pl

TXT

onet-domain-verification=14e4f57e2a5d377858f18637335e254c

Verified for

Microsoft 365
OneTrust

Email authentication strong

SPF

v=spf1 ip4:91.220.39.122/32 mx include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:88a0ee146618757@rep.dmarcanalyzer.com; ruf=mailto:88a0ee146618757@for.dmarcanalyzer.com; adkim=s; aspf=s; fo=1

policy: reject (enforced)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszRgJ6gjkgl2fv6VZeENiHKPP0VHfeJX67OM3t2RfvdgahcmLIEpV2lUXgF7rRRQvRqI6D1XZUTfqV…

selectors probed

Certificate (current)

GeoTrust TLS RSA CA G1

from 2025-07-29 to 2026-08-29

Expires in 89 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://carolina.pl/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: default-src 'self' data: *.googleadservices.com *.google.com *.google.pl *.gstatic.com *.w.org *.doubleclick.net *.googletagmanager.com *.gravatar.com *.google-analytics.com *.hotjar.com *.hotjar.io *.googleadservices.com *.facebook.net *.facebook.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.googleadservices.com *.google.com *.google.pl *.gstatic.com *.hotjar.com *.hotjar.io *.googleadservices.com *.facebook.net *.facebook.com *.googleapis.com *.jquery.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.googleadservices.com *.google.com *.gstatic.com *.hotjar.com *.hotjar.io *.googleadservices.com *.facebook.net *.facebook.com *.googleapis.com *.jquery.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net consent.cookiebot.com bat.bing.com mc.yandex.ru clarity.ms www.clarity.ms consentcdn.cookiebot.com scripts.clarity.ms; style-src 'self' 'unsafe-inli
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: same-origin

Links to (6)

Linked from (1)

luxmed.pl×1