diezminutos.es
diezminutos.es
HTML metadata
Technology
- CMS
- Next.js
- Cookie consent
-
- OneTrust
Third-party hosts loaded (2)
- hips.hearstapps.com×86
- cdn.cookielaw.org×1
Social
DNS records live
- NS
-
- ns-1499.awsdns-59.org
- ns-1725.awsdns-23.co.uk
- ns-298.awsdns-37.com
- ns-515.awsdns-00.net
- MX
-
- 1 mx.diezminutos.es
- TXT
-
BSI91896679786
- Verified for
-
- GlobalSign
- Meta
Email authentication weak
- SPF
- not published
- DMARC
-
v=DMARC1; p=none;policy: none (monitoring only) - DKIM
- no key found at common selectors
Certificate (current)
GlobalSign Atlas R3 DV TLS CA 2025 Q4
Expires in 259 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- missing frame protection
- missing Permissions Policy
Header values
- referrer-policy
no-referrer-when-downgrade- x-content-type-options
nosniff- content-security-policy
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://api.pushpushgo.com https://s-eu-1.pushpushgo.com https://s-us-1.pushpushgo.com https://cdn.pushpushgo.com; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob: https://api.pushpushgo.com; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'none'- strict-transport-security
max-age=31557600; includeSubDomains
Links to (13)
- hearst.com×2
- facebook.com×2
- hearst.es×2
- pinterest.es×2
- x.com×2
- youtube.com×2
- instagram.com×2
- cortefiel.com×2
- druni.es×2
- hm.com×1
- mango.com×1
- tradedoubler.com×1
- amazon.es×1