ccvf.pt

HTML metadata

Title

CCVF

Language

pt

Canonical

https://www.ccvf.pt/

Translations

en
pt

Open Graph

url: https://www.ccvf.pt/
title: CCVF
description: É a principal casa da Cultura em Guimarães desde 2005.

Technology

CDN: Cloudflare
Server: openresty
JS framework: React

Analytics

Google Analytics
Google Tag Manager

Ads

Meta Pixel

Fonts

Google Fonts

Third-party hosts loaded (6)

cdn.bndlyr.com×37
img.bndlyr.com×3
connect.facebook.net×1
fonts.gstatic.com×1
www.google-analytics.com×1
www.googletagmanager.com×1

Social

Contact

Email

700geral@ccvf.pt

Phone

DNS records live

NS

ns1.mydnspt.net
ns2.mydnspt.net
ns7.mydnspt.net
ns8.mydnspt.net

MX

0 ccvf-pt.mail.protection.outlook.com

Verified for

Microsoft 365

Email authentication strong

SPF

v=spf1 ip4:62.193.192.126 include:_spf.cleanmx.pt a mx ip4:195.8.59.79 ip4:195.8.58.0/24 ip4:195.8.59.0/24 ip4:213.30.17.114 include:_spf.kmitd.com include:spf.protection.outlook.com include:_spf.anubisnetworks.com -all

strict (-all)

DMARC

v=DMARC1;p=reject;sp=reject;adkim=r;aspf=r;pct=100;fo=0:1:d:s;rf=afrf;ri=86400;rua=mailto:dmarc@ccvf.pt,mailto:dmarc_agg@vali.email;ruf=mailto:dmarc@ccvf.pt

policy: reject (enforced) · sp=reject

DKIM

default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7GTIQS8oWRsObKohdLVKAjPbSSPOhMvezL7gXvZ4mmAMdB5ITVRC0kK1Z4UO1Xlntd3EUEasLHRuWc…
selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHrcPCfTE6fwmH3uiqOzDX471QX0uGEiDg9kIV32HNc4t4Ush79l9v5ejq028/axJPkOQUB4bPBUZS…

selectors probed

Certificate (current)

R12

from 2026-05-01 to 2026-07-30

Expires in 59 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.ccvf.pt/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(self),microphone=(self),camera=(self),autoplay=(self),picture-in-picture=(self)
x-content-type-options: nosniff
content-security-policy: manifest-src *; default-src 'self' blob:; media-src * data: blob:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data:; img-src * 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; frame-src *; connect-src https: wss:; object-src 'none'
strict-transport-security: max-age=63072000; includeSubDomains; preload