cutterbuck.eu
HTML metadata
Technology
- CMS
- Gatsby
- Fonts
-
- Google Fonts
Third-party hosts loaded (2)
- fonts.gstatic.com×2
- policy.app.cookieinformation.com×1
DNS records live
- NS
-
- ns1.dnshost.net
- ns2.dnshost.net
- MX
-
- 10 de-smtp-inbound-1.mimecast.com
- 10 de-smtp-inbound-2.mimecast.com
- TXT
-
globalsign-domain-verification=ED4B531BDAE28FF6A515288FBE71052B
Email authentication strong
- SPF
-
v=spf1 a include:de._netblocks.mimecast.com include:spf.protection.outlook.com -allstrict (-all) - DMARC
-
v=DMARC1; p=quarantine; rua=mailto:dmarcreports@nwg.se; adkim=s; aspf=s;policy: quarantine - DKIM
- no key found at common selectors
Certificate (current)
GlobalSign Atlas R3 DV TLS CA 2026 Q1
Expires in 15 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SameOrigin- permissions-policy
accelerometer=(self "https://www.youtube-nocookie.com" "https://wwww.youtube.com"),autoplay=(self "https://www.youtube-nocookie.com" "https://wwww.youtube.com"),browsing-topics=(),camera=(),display-capture=(),encrypted-media=(*),fullscreen=(self "https://www.youtube-nocookie.com" "https://wwww.youtube.com"),gamepad=(),geolocation=(self),gyroscope=(self "https://www.youtube-nocookie.com" "https://wwww.youtube.com"),hid=(),identity-credentials-get=(),idle-detection=(),local-fonts=(),magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(self "https://*.adyen.com"),picture-in-picture=(self "https://www.youtube-nocookie.com" "https://wwww.youtube.com"),publickey-credentials-create=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),storage-access=(),usb=(),web-share=(self "https://www.youtube-nocookie.com" "https://wwww.youtube.com"),window-management=(self),xr-spatial-tracking=()- x-content-type-options
nosniff- content-security-policy
default-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;object-src 'self' blob:;style-src 'self' 'unsafe-inline' https:;img-src 'self' https: data: blob:;frame-src 'self' https: blob:;font-src 'self' https: data:;connect-src 'self' https: wss: ws: data:- strict-transport-security
max-age=31536000; includeSubDomains; preload