elithera.de

HTML metadata

Title: Elithera: Physiotherapie bei Elithera – Schmerzfrei & aktiv bewegen
Description: Physiotherapie, Krankengymnastik & Gesundheitstraining bei Elithera: Individuell, ganzheitlich & wissenschaftlich fundiert – für Ihre schnelle Genesung.
Language: de-DE
Generator: TYPO3 CMS
Canonical: https://www.elithera.de/

Technology

Server: nginx

Third-party hosts loaded (1)

cloud.ccm19.de×1

Social

Contact

Phone

+4905151961520

Registration

Updated

2026-04-07

Name servers

ns5.kasserver.com.
ns6.kasserver.com.

DNS records live

NS

ns5.kasserver.com
ns6.kasserver.com

MX

0 elithera-de.mail.protection.outlook.com

Verified for

Google
Microsoft 365

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvv/nsmgdsZ+yd1uOaSJtGCbwT5waWfnoYX+Yzb4bxKh2au49vUA7hrHR3TF6JOpXs0PAK0ve6yufY5…
selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AIIIumgJ2qBV0JgJ2qArZ2Y/drdXQGVbO/J9XJ3NmHQpfYI6BQhLr7HTNl8d8skCxmvnNBteolvsn…

selectors probed

Certificate (current)

E7

from 2026-04-07 to 2026-07-06

Expires in 47 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.elithera.de/

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-content-type-options

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'nonce-lMXu5W4OlLymL6iuIq_1HXNfGR_AgGPt-XfSXAPThwrmiaWSYSP_vA' https: 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://*.emailsys1a.net https://cloud.ccm19.de https://www.googletagmanager.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://*.google-analytics.com https://www.google-analytics.com https://c.emailsys1a.net https://cloud.ccm19.de; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.google.com *.premiumplaner.de forms.office.com *.typeform.com https://cloud.ccm19.de https://www.googletagmanager.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com https://*.google-analytics.com https://www.google-analytics.com https://region1.google-analyti
strict-transport-security: max-age=600000
content-security-policy-report-only: default-src 'self'; script-src 'self' 'nonce-lMXu5W4OlLymL6iuIq_1HXNfGR_AgGPt-XfSXAPThwrmiaWSYSP_vA' https: 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://*.emailsys1a.net https://cloud.ccm19.de https://www.googletagmanager.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://*.google-analytics.com https://www.google-analytics.com https://c.emailsys1a.net https://cloud.ccm19.de; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.google.com *.premiumplaner.de forms.office.com *.typeform.com https://cloud.ccm19.de https://www.googletagmanager.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com https://*.google-analytics.com https://www.google-analytics.com https://region1.google-analyti