certiqua.ch
certiqua.ch
HTML metadata
Technology
- Server
- Microsoft-IIS
- jQuery
- 1.12.4 known XSS (<3.5)
- Stack
- PHP
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
Third-party hosts loaded (8)
- f-live-certiqua-bewertungskarten.s3.amazonaws.com×15
- cdn.jsdelivr.net×2
- code.jquery.com×2
- www.googletagmanager.com×2
- ajax.googleapis.com×1
- cdnjs.cloudflare.com×1
- fonts.googleapis.com×1
- maxcdn.bootstrapcdn.com×1
Contact
- Phone
DNS records live
- NS
-
- ns-1437.awsdns-51.org
- ns-1866.awsdns-41.co.uk
- ns-235.awsdns-29.com
- ns-747.awsdns-29.net
- MX
-
- 1 aspmx.l.google.com
- 10 alt3.aspmx.l.google.com
- 10 alt4.aspmx.l.google.com
- 5 alt1.aspmx.l.google.com
- 5 alt2.aspmx.l.google.com
Email authentication weak
- SPF
-
v=spf1 include:_spf.google.com ~allsoftfail (~all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
Sectigo Public Server Authentication CA DV R36
Expires in 44 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- short HSTS max-age
- CSP allows unsafe inline scripts/styles
Header values
- referrer-policy
no-referrer- x-frame-options
DENY- permissions-policy
geolocation=(), midi=(), sync-xhr=(), accelerometer=(), gyroscope=(), magnetometer=(), payment=(), camera=(), microphone=(), usb=(), fullscreen=(self)- x-content-type-options
nosniff- content-security-policy
script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://apis.google.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com- strict-transport-security
max-age=2592000