depo.gal

.gal user

First seen 2026-05-13 · Last seen 2026-05-13 · ok HTTP/1.1 200 1048 ms crawled 2026-05-13

ES · 195.55.239.20 · AS3352 Telefonica De Espana S.a.u.

Reputation 100/100

sector government type landing page

HTML metadata

Title

Inicio - Deputación de Pontevedra

Language

gl-ES

Canonical

https://www.depo.gal

Translations

es-es
gl-es

Open Graph

url: https://www.depo.gal
title: Inicio - Deputación de Pontevedra - DEPO
locale: gl_ES
image:url: https://www.depo.gal/documents/37861/38348/ADEPO3.jpg/f01ede30-6a8f-b35b-0c9a-8b97084068c3?version=2.0&t=1698926504636&imagePreview=1
site name: Deputación de Pontevedra
locale:alternate: es_ES

Technology

Server: nginx

Analytics

Google Tag Manager

Third-party hosts loaded (6)

www.depo.gal×68
code.jquery.com×2
kenwheeler.github.io×2
cdn-eu.readspeaker.com×1
kit.fontawesome.com×1
www.googletagmanager.com×1

Social

Contact

Phone

+34 986 804 100

Address

Avda. Montero Ríos, s/n, 36071

Registration

Registrar

IONOS SE

Created

2015-09-29

Expires

2026-09-29 132 days left

Updated

2025-11-13

Name servers

ns2.depo.es
ns1.depo.es

DNS records live

NS

ns1.depo.es
ns2.depo.es

MX

50 smtp.depo.gal

TXT

MS=ms38510515
globalsign-domain-verification=KMWmfeirl_mosIlQjKBk3f1umpBAo22u14MqDk3SGY

Email authentication strong

SPF: v=spf1 ip4:195.55.239.22 ip4:195.55.239.32 mx ~all
softfail (~all)
DMARC: v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:dmarc-reports@depo.es; ruf=mailto:dmarc-failures@depo.es; pct=100
policy: reject (enforced) · sp=reject
DKIM: no key found at common selectors

Certificate (current)

GlobalSign RSA OV SSL CA 2018

from 2026-04-13 to 2026-10-29

Expires in 163 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.depo.gal/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
weak frame protection
weak content type protection

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN, SAMEORIGIN
permissions-policy: accelerometer=*, autoplay=*, camera=*, clipboard-read=*, clipboard-write=*, fullscreen=*, geolocation=*, gyroscope=*, magnetometer=*, microphone=*, midi=*, payment=*, usb=*, xr-spatial-tracking=*
x-content-type-options: nosniff, nosniff
content-security-policy: default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https:; font-src https: data:; frame-src https:; media-src https:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin