cultfest.pt
cultfest.pt
HTML metadata
Technology
- Server
- nginx
- CMS
- WordPress 7.0
- Fonts
-
- Google Fonts
Third-party hosts loaded (3)
- fonts.googleapis.com×7
- fonts.gstatic.com×3
- www.youtube.com×1
Social
DNS records live
- NS
-
- ns1.wtservers.com
- ns2.wtservers.com
- ns3.wtservers.com
- MX
-
- 0 mail.cultfest.pt
Email authentication partial
- SPF
-
v=spf1 +a +mx +ip4:185.240.248.55 include:spf.redewt.net ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=none;policy: none (monitoring only) - DKIM
-
- default:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6guq1TvdhysxE3katjr8EqljoTkIccAMtJbhxX0gdVoYVVY/7SQrjITuE8cRp+kwQQWg1O+QUlevGF…
selectors probed - default:
Certificate (current)
R13
Expires in 63 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- permissions-policy
camera=(), geolocation=(), microphone=()- x-content-type-options
nosniff- content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com;; img-src 'self' https: data: blob:; connect-src 'self' https:; font-src 'self' https: data: filesystem: https://fonts.gstatic.com; form-action 'self'; frame-src 'self' https:; worker-src 'self' blob:; base-uri 'self'; upgrade-insecure-requests- strict-transport-security
max-age=63072000; includeSubDomains; preload
Links to (5)
- youtube.com×1
- tiktok.com×1
- sapo.pt×1
- instagram.com×1
- facebook.com×1