dialogluzern.ch
HTML metadata
Technology
- Server
- nginx
- Analytics
-
- Matomo
Third-party hosts loaded (2)
- ocp4-pitc-stlu-decidim-prod.objects.rma.cloudscale.ch×15
- ocl-test.matomo.cloud×1
DNS records live
- NS
-
- ns1.tiberius.sui-inter.net
- ns2.tiberius.sui-inter.net
- MX
-
- 0 mail.dialogluzern.ch
Email authentication weak
- SPF
-
v=spf1 include:_spf.sui-inter.net +mx +a -allstrict (-all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R13
Expires in 64 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- weak frame protection
- weak content type protection
Header values
- referrer-policy
strict-origin-when-cross-origin, strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN, SAMEORIGIN- permissions-policy
unload=(self)- x-content-type-options
nosniff, nosniff- content-security-policy
default-src 'self' 'unsafe-inline' ocp4-pitc-stlu-decidim-prod.objects.rma.cloudscale.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.intergram.xyz cdn.matomo.cloud ocl-test.matomo.cloud; style-src 'self' 'unsafe-inline'; img-src 'self' *.hereapi.com data: *.geo.admin.ch ocp4-pitc-stlu-decidim-prod.objects.rma.cloudscale.ch ocl-test.matomo.cloud; font-src 'self' data:; connect-src 'self' *.hereapi.com data: photon.komoot.io ocp4-pitc-stlu-decidim-prod.objects.rma.cloudscale.ch ocl-test.matomo.cloud; frame-src 'self' www.youtube-nocookie.com player.vimeo.com https://www.intergram.xyz player.twitch.tv meet.jit.si www.youtube.com; media-src 'self' ocp4-pitc-stlu-decidim-prod.objects.rma.cloudscale.ch data:- strict-transport-security
max-age=31536000; includeSubDomains, max-age=63072000; includeSubDomains