indexo.dev

certo-card.ch

.ch crawl

First seen 2026-05-27 · Last seen 2026-05-27 · ok HTTP/1.1 200 1244 ms crawled 2026-05-30

CH · 212.243.147.200 · AS3303 Bluewin

Reputation 100/100

Classifying

HTML metadata

Title
Hier gibt’s richtig was zurück. Certo! One Mastercard
Description
Gratis Certo! One Mastercard® mit 1 % Cashback bei 3 Lieblingshändlern & 0,25 % überall sonst. Ohne Jahresgebühr, mit CHF 50 Startguthaben – jetzt in der…
Language
de
Generator
SEOmatic
Canonical
https://certo-card.ch/one/de/
Translations
  • de
  • fr
  • it

Open Graph

url
/one/de/
title
Hier gibt’s richtig was zurück. Certo! One Mastercard
locale
de
see also
https://www.facebook.com/cembra.ch/
site name
Hier gibt’s richtig was zurück. Certo! One Mastercard
description
Gratis Certo! One Mastercard® mit 1 % Cashback bei 3 Lieblingshändlern & 0,25 % überall sonst. Ohne Jahresgebühr, mit CHF 50 Startguthaben – jetzt in der…
locale:alternate
fr

Technology

CMS
Gatsby
Stack
PHP
Analytics
  • Google Tag Manager
Cookie consent
  • OneTrust

Third-party hosts loaded (2)

  • cdn.cookielaw.org×1
  • www.googletagmanager.com×1

Contact

Phone
Address
Cembra Money Bank AGBändliweg 208048 Zürich

DNS records live

NS
  • ns.hostpoint.ch
  • ns2.hostpoint.ch
  • ns3.hostpoint.ch
TXT
  • swisssign-check=ZVGHUh74lRpeoal-pXlT2TUSQTQ

Email authentication no MX

SPF
not published
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

SwissSign RSA TLS EV ICA 2022 - 1
from 2025-06-27 to 2026-06-27
Expires in 26 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://certo-card.ch/one/de/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.licdn.com https://bat.bing.com https://storage.googleapis.com https://*.cookielaw.org https://bat.bing.com/ https://*.google-analytics.com https://*.analytics.google.com https://www.googleoptimize.com https://optimize.google.com https://www.googletagmanager.com https://www.googleadservices.com https://track.adform.net https://googleads.g.doubleclick.net https://s2.adform.net https://connect.facebook.net https://*.mynsystems.com https://*.serversidegraphics.com https://uk.personalcard.net https://static.hotjar.com https://cdn.exactag.com https://m.exactag.com https://script.hotjar.com https://*.google.de https://tc.cembra.ch https://*.googlesyndication.com https://www.google.com; img-src 'self' data: blob: https://*.doubleclick.net https://*.linkedin.com https://*.go
strict-transport-security
max-age=63072000; includeSubDomains; preload

Links to (1)

Linked from (1)