elca-careers.com

.com crawl

First seen 2026-05-27 · Last seen 2026-05-27 · ok HTTP/1.1 200 470 ms crawled 2026-05-30

CH · 185.154.38.46 · AS24951 EveryWare AG

Reputation 100/100

Classifying

HTML metadata

Title: Home page | ELCA
Language: en
Canonical: https://elca-careers.com/

Technology

Server: Apache
CMS: Drupal

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

Contact

Phone

+41 21 613 21 11

Registration

Registrar

Gandi SAS

Created

2024-12-09

Expires

2026-12-09 191 days left

Updated

2025-11-08

Name servers

dns1.elca-cloud.com
dns2.elca-cloud.com
dns3.elca-cloud.com
dns4.elca-cloud.com

DNS records live

NS

dns1.elca-cloud.com
dns2.elca-cloud.com
dns3.elca-cloud.com
dns4.elca-cloud.com

Email authentication no MX

SPF: not published
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

Actalis DV Server ACME CA G1

from 2026-05-21 to 2026-08-21

Expires in 82 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://elca-careers.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=self, battery=(), bluetooth=(), camera=(), ch-ua=(), ch-ua-arch=(), ch-ua-bitness=(), ch-ua-full-version=(), ch-ua-full-version-list=(), ch-ua-mobile=(), ch-ua-model=(), ch-ua-platform=(), ch-ua-platform-version=(), ch-ua-wow64=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=self, geolocation=self, gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), magnetometer=(), microphone=self, midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; child-src 'self' *.youtube.com *.google.com; connect-src 'self' *.matomo.cloud *.sharethis.com *.cookiebot.com *.linkedin.com *.google.com https://www.google-analytics.com https://www.googletagmanager.com https://elcawebsites.matomo.cloud/; font-src 'self' themes.googleusercontent.com; frame-src 'self' *.youtube.com *.google.com *.cookiebot.com; img-src 'self' data: *.ytimg.com *.linkedin.com *.cookiebot.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' *.youtube.com *.googletagmanager.com www.gstatic.com *.matomo.cloud *.sharethis.com *.cookiebot.com 'sha256-qtsS1WIUbxn0/U/zdFUZ1x9TVLgsFcevtVmbVDPkMs0=' 'sha256-wc/BAOJ40mQ8qxlw0ODTg1u6M3KBcxulC4no1VTCvh4=' 'sha256-6P0Wi2m7azi+UQG/HDOp7LS764uSb8EcXGcyRSTT900=' https://cdn.jsdelivr.net https://www.google.com 'unsafe-inline' https://elcawebsites.matomo.cloud/; script-src-elem 'self' 'unsafe-inline' elcawebsites.matomo.cloud www.googletagmanager.com www.youtube.com *.cookiebot.com
strict-transport-security: max-age=63072000; includeSubDomains; preload
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: same-origin

Links to (14)

Linked from (1)

coderful.io×1