dfl-stiftung.de

HTML metadata

Title

Stiftung aus dem Profifußball | DFL Stiftung

Description

Wir setzen uns für junge Menschen ein, fördern deren Teilhabe an der Gesellschaft, ein aktives und gesundes Aufwachsen und Erfolge im Spitzensport.

Language

de-DE

Generator

WPML ver:4.6.8 stt:1,3;

Canonical

https://www.dfl-stiftung.de/

Translations

de
en

Feeds

DFL Stiftung » Feed RSS

Open Graph

url: https://www.dfl-stiftung.de/
title: Stiftung aus dem Profifußball | DFL Stiftung
locale: de_DE
site name: DFL Stiftung
description: Wir setzen uns für junge Menschen ein, fördern deren Teilhabe an der Gesellschaft, ein aktives und gesundes Aufwachsen und Erfolge im Spitzensport.

Technology

Server: nginx
CMS: WordPress

Analytics

Google Tag Manager

Third-party hosts loaded (2)

gmpg.org×1
www.googletagmanager.com×1

Social

Registration

Updated

2022-05-17

Name servers

ns-1087.awsdns-07.org.
ns-1617.awsdns-10.co.uk.
ns-393.awsdns-49.com.
ns-692.awsdns-22.net.

DNS records live

NS

ns-1087.awsdns-07.org
ns-1617.awsdns-10.co.uk
ns-393.awsdns-49.com
ns-692.awsdns-22.net

MX

10 securemail03.dfl.de
20 securemail04.dfl.de

TXT

swisssign-check=F-xtlexRly7iYswJm3BxShETDGQ
7WmB/GdzXd0N2kE1aoewgLJSxON+OsZo3Feytj0HGXUmkglzZWOeADZrcQRJUR9G/mmk1eV4vRI7fEHDYw70yA==

Verified for

Microsoft 365
Miro

Email authentication strong

SPF: v=spf1 ip4:54.240.98.234/32 ip4:54.240.98.235/32 ip4:80.154.68.12/32 ip4:194.8.207.200/32 ip4:5.35.246.163 ip4:80.155.8.32/27 include:de.dfl-stiftung.spf.martrexodns.com include:_spf.proxy.nospamproxy.com -all
strict (-all)
DMARC: v=DMARC1; p=quarantine; rua=mailto:dmarc@dfl.de; ruf=mailto:dmarc@dfl.de; fo=1
policy: quarantine
DKIM: no key found at common selectors

Certificate (current)

R13

from 2026-04-22 to 2026-07-21

Expires in 62 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.dfl-stiftung.de/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
weak content type protection

Header values

referrer-policy: same-origin, no-referrer-when-downgrade
x-frame-options: SAMEORIGIN, SAMEORIGIN, sameorigin
permissions-policy: camera=(), microphone=(), geolocation=()
x-content-type-options: nosniff, nosniff, nosniff
content-security-policy: default-src 'self' stage.dfl-stiftung.de; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' www.tiktok.com/embed.js *.neutral.ttwstatic.com www.googletagmanager.com maps.googleapis.com s.ytimg.com connect.facebook.net platform.twitter.com platform.linkedin.com www.googletagmanager.com mt.bundesliga.com www.instagram.com; style-src 'self' 'unsafe-inline' *.neutral.ttwstatic.com fonts.googleapis.com use.fontawesome.com; img-src 'self' data: *.dfl-stiftung.de dfl-stiftung.de secure.gravatar.com 1.gravatar.com syndication.twitter.com i.ytimg.com maps.gstatic.com maps.googleapis.com placekitten.com s.w.org; connect-src 'self' eu-api.friendlycaptcha.eu www.googleapis.com maps.googleapis.com mt.bundesliga.com; font-src 'self' data: fonts.gstatic.com; media-src 'self'; frame-src 'self' *.dfl.de *.dfl-stiftung.de blob: www.tiktok.com www.zukunft-bewegen.com postmansubs.com www.google.com platform.twitter.com www.youtube-nocookie.com *.facebook.com web.facebook.com www.linkedin.com www.insta
strict-transport-security: max-age=63072000; includeSubDomains; preload