chipitall.nl
chipitall.nl
HTML metadata
Technology
- Server
- nginx
- Stack
- PHP
- Fonts
-
- Font Awesome
- Google Fonts
Third-party hosts loaded (3)
- fonts.googleapis.com×2
- cdn.jsdelivr.net×1
- use.fontawesome.com×1
Social
DNS records live
- NS
-
- ns1.hosting2go.nl
- ns2.hosting2go.nl
- MX
-
- 10 spam1.hosting2go.nl
- 10 spam2.hosting2go.nl
Email authentication weak
- SPF
-
v=spf1 mx a include:spf.nl2go.com include:spf.hosting2go.nl ~allsoftfail (~all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
Sectigo Public Server Authentication CA DV E36
Expires in 158 days
HTTP security headers
- present
-
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- missing HSTS
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
no-referrer-when-downgrade- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://cdn.jsdelivr.net https://platform.twitter.com https://ton.twimg.com;frame-src 'self' https://*.google.com https://*.youtube.com https://youtube.com https://player.vimeo.com https://*.facebook.com https://*.hotjar.com; frame-ancestors 'self' https://www.linkedin.com; img-src 'self' data: https://*.google-analytics.com https://*.doubleclick.net https://*.twitter.com https://*.paypalobjects.com https://*.twimg.com https://*.googleusercontent.com https://abc.xyz https://*.facebook.com https://www.mollie.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://cdn.jsdelivr.net;