dreame.cz
dreame.cz
HTML metadata
Technology
- Server
- nginx
- CMS
- Ghost
- Stack
- PHP
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
Third-party hosts loaded (5)
- s3.eu-central-1.amazonaws.com×20
- schema.org×20
- www.googletagmanager.com×2
- fonts.googleapis.com×1
- postback.affiliateport.eu×1
Social
Contact
- Phone
DNS records live
- NS
-
- ns-1135.awsdns-13.org
- ns-1630.awsdns-11.co.uk
- ns-280.awsdns-35.com
- ns-770.awsdns-32.net
- MX
-
- 10 mx-a.elkogroup.com
- 20 mx-b.elkogroup.com
Email authentication weak
- SPF
-
v=spf1 ip4:178.16.18.198 include:amazonses.com ~alllmissing all - DMARC
-
v=DMARC1; p=none; sp=quarantine; rua=mailto:dmarc.rua@elkogroup.com; ruf=mailto:dmarc.ruf@elkogroup.com; fo=1policy: none (monitoring only) · sp=quarantine - DKIM
- no key found at common selectors
Certificate (current)
Amazon RSA 2048 M01
Expires in 174 days
HTTP security headers
- present
-
- content-security-policy
- content-security-policy-report-only
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- missing HSTS
- CSP allows unsafe inline scripts/styles
- missing Permissions Policy
Header values
- referrer-policy
no-referrer, strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self' blob: wss: data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:;- content-security-policy-report-only
default-src 'self' blob: wss: data: https: 'report-sample'; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https: 'report-sample'; style-src 'self' 'unsafe-inline' data: https: 'report-sample'; report-uri /nelmio/csp/report
Links to (12)
- youtube.com×1
- tsbohemia.cz×1
- tiktok.com×1
- smarty.cz×1
- robotworld.cz×1
- planeo.cz×1
- pinterest.com×1
- onlineshop.cz×1
- instagram.com×1
- huramobil.cz×1
- facebook.com×1
- datart.cz×1