convales.de
convales.de
HTML metadata
Technology
- Server
- nginx
Social
Registration
- Updated
- 2024-03-11
- Name servers
-
- ns1.mainns.de.
- ns2.mainns.eu.
- ns3.mainns.net.
DNS records live
- NS
-
- ns1.mainns.de
- ns2.mainns.eu
- ns3.mainns.net
- MX
-
- 10 mail.convales.de
- TXT
-
hZ2Ps/xH9D1g9qjZnmTTSd4xH3dK1MBoGsxm5aWXT2dp4tSRqegZ8yP4qMgnVIg5vn+HeX02dhtg1Sagp1HYgA==
- Verified for
-
- Atlassian
- Cisco
Email authentication weak
- SPF
-
v=spf1 mx a:mail.convales.de include:_spf.rexx-suite.com ip4:193.41.237.251 ~allsoftfail (~all) - DMARC
- not published
- DKIM
-
- default:
v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfY3+pX25vzQkEAUetWSHUglOSqBQffSU81OsbZBA1qiqrfWWaFM+nX0FxG9js3PYiQhLWOwP/kIwZOQ9tajL…
selectors probed - default:
Certificate (current)
R12
Expires in 33 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-content-type-options
nosniff- content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://i.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://www.kununu.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.googletagmanager.com https://tagmanager.google.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com;- strict-transport-security
max-age=31536000; includeSubDomains; preload