devesting.nl
HTML metadata
Technology
- Server
- nginx
- Fonts
-
- Adobe Fonts
Third-party hosts loaded (2)
- static.genkgo.com×1
- use.typekit.net×1
Social
DNS records live
- NS
-
- ns1.genkgo.net
- ns2.genkgo.net
- ns3.genkgo.net
- MX
-
Show 7 MX records
- 10 aspmx.l.google.com
- 20 alt1.aspmx.l.google.com
- 20 aspmx3.googlemail.com
- 30 aspmx2.googlemail.com
- 30 aspmx3.googlemail.com
- 30 aspmx4.googlemail.com
- 30 aspmx5.googlemail.com
- TXT
-
ge-verification=9e213897b54b5893
- Verified for
-
Email authentication partial
- SPF
-
v=spf1 include:_spf.google.com include:spf.genkgo.net -allstrict (-all) - DMARC
-
v=DMARC1; p=none; sp=nonepolicy: none (monitoring only) · sp=none - DKIM
- no key found at common selectors
Certificate (current)
E7
Expires in 42 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
same-origin- x-frame-options
DENY- x-content-type-options
nosniff- content-security-policy
default-src 'self'; child-src 'self' https://static.genkgo.com https://vesting.genkgo.app; connect-src 'self' https://static.genkgo.com https://vesting.genkgo.app; font-src 'self' *.typekit.net https://static.genkgo.com https://vesting.genkgo.app 'unsafe-inline'; img-src 'self' https://* https://static.genkgo.com https://vesting.genkgo.app data:; media-src 'self' https://static.genkgo.com https://vesting.genkgo.app; script-src 'self' https://static.genkgo.com https://vesting.genkgo.app 'unsafe-inline'; style-src 'self' *.typekit.net https://static.genkgo.com https://vesting.genkgo.app 'unsafe-inline'; report-uri https://devesting.nl/f/error-report/report/csp; upgrade-insecure-requests- strict-transport-security
max-age=31536000; preload