indexo.dev

enfi.de

.de crawl

First seen 2026-04-21 · Last seen 2026-05-15 · ok HTTP/1.1 200 3751 ms crawled 2026-05-15

DE · 168.119.205.11 · AS24940 Hetzner Online GmbH

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
ENFI - Energie für Immobilien - ENFI
Language
de
Generator
TYPO3 CMS
Canonical
https://www.enfi.de/

Technology

Server
Apache
Fonts
  • Adobe Fonts

Third-party hosts loaded (1)

  • use.typekit.net×1

Registration

Updated
2021-02-22
Name servers
  • a.ns14.net.
  • b.ns14.net.
  • c.ns14.net.
  • d.ns14.net.

DNS records live

NS
  • a.ns14.net
  • b.ns14.net
  • c.ns14.net
  • d.ns14.net
MX
  • 10 mail.enfi.de
  • 20 mail2.enfi.de
Verified for
  • Microsoft 365

Email authentication partial

SPF
v=spf1 mx a include:spf.protection.outlook.com ~all
softfail (~all)
DMARC
v=DMARC1; p=none; rua=mailto:admin@enni.de; fo=1; adkim=r; aspf=r
policy: none (monitoring only)
DKIM
  • default: v=DKIM1; k=rsa; s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOzbA8zSbWp0t0ZkfTasDdBhSTI3dqc1QVI7fRng9SGO0uXrBgnkhcAHUPvfJVrGmCGrWX…
selectors probed

Certificate (current)

R13
from 2026-03-20 to 2026-06-18
Expires in 29 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.enfi.de/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
geolocation=(self), midi=(self), payment=(self), camera=(self), usb=(self), fullscreen=(self), magnetometer=(self), picture-in-picture=(*), accelerometer=(self), encrypted-media=(self), autoplay=(self), gyroscope=(self), sync-xhr=(self), microphone=(self)
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://data.trurnit.de wss://ws.hotjar.com https://*.hotjar.com https://flow-runner.api.codelos.io https://piwik.successnet.de https://*.hotjar.io https://cookiemanager.digitale-werke.de https://*.enni.de https://region1.google-analytics.com https://enni-niederrhein.baeder-suite.de https://bettenkamper-meer.de https://*.google.de https://*.google.com https://*.ampproject.org https://*.doubleclick.net wss://localhost:3000 https://www.google-analytics.com https://openiban.com https://*.facebook.com https://*.googleapis.com https://trck.enni.de https://ipty.de https://ad4m.at https://*.ad4m.at https://*.ad4mat.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cookiemanager.digitale-werke.de https://*.typekit.net https://fast.fonts.net https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://use.fontawesome.com https://gharnati.com https://code.highcharts.com https://code
strict-transport-security
max-age=63072000; includeSubDomains; preload

Linked from (1)