indexo.dev

estavayer.ch

.ch crawl

First seen 2026-06-04 · Last seen 2026-06-04 · ok HTTP/1.1 200 1294 ms crawled 2026-06-04

CH · 94.126.16.46 · AS21069 METANET AG

Reputation 92/100 weak subdomain policy

Classifying

HTML metadata

Title
Accueil - Commune d'Estavayer · Commune d'Estavayer
Language
fr
Generator
TYPO3 CMS
Canonical
https://www.estavayer.ch/
Feeds

Open Graph

title
Accueil - Commune d'Estavayer
locale
fr-CH
site name
Commune d'Estavayer
description
Commune Suisse

Technology

Server
nginx
jQuery
2.2.4 known XSS (<3.5)
Analytics
  • Google Tag Manager

Third-party hosts loaded (4)

  • cdnjs.cloudflare.com×1
  • code.jquery.com×1
  • unpkg.com×1
  • www.googletagmanager.com×1

Contact

Phone
Address
Rue de l'Hôtel de Ville 11, CH-1470, Estavayer-le-lac, FR, Suisse

DNS records live

NS
  • dns1.redhemmer.ch
  • dns2.redhemmer.ch
MX
  • 20 mps.telecomservices.ch
TXT
  • 6julool52hrngddo4d6s8ppr7h
  • 19fc639a7pi10dvgtbkh9b8abt
  • n4826hv56jn0f4qp54q0908t0s
Verified for
  • Brevo
  • Microsoft 365

Email authentication strong

SPF
v=spf1 ip4:94.126.16.46 ip4:84.253.32.226 ip4:94.126.16.47 ip4:94.126.16.48 ip4:212.71.120.144/28 a:mail.estavayer.ch a:mps.telecomservices.ch include:spf.protection.outlook.com include:smtproutes.com include:smtpout.com include:_spf.ch-dns.net include:spf.brevo.com mx -all
strict (-all)
DMARC
v=DMARC1; p=reject; sp=none; ruf=mailto:administrator@estavayer.ch; rua=mailto:administrator@estavayer.ch
policy: reject (enforced) · sp=none
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosWe5Iu6o/aOkocMMGIi7e+WCongh6MJLn+30zsf4wS1+dgyefsM25G6HZpqocbcdeVGaeQ5rQyYmd…
  • selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrd3HXg8K+RiaIMMVpO3bqTOd26YoRgPidiL5emQ9n4+vBDsLg+Y9e8ZmmXZRMfs6zyWPn1NR5zfif…
selectors probed

Certificate (current)

R13
from 2026-05-08 to 2026-08-06
Expires in 62 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://www.estavayer.ch/

present
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
DENY
x-content-type-options
nosniff
content-security-policy
default-src 'self' *.g.doubleclick.net *.google-analytics.com *.gstatic.com *.johdisuite.ch *.googleapis.com *.theodia.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.johdisuite.ch unpkg.com *.cloudflare.com *.jquery.com theodia.org *.jsdelivr.net 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.johdisuite.ch theodia.org; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.google.com theodia.org *.dataconsulting.ch *.johdisuite.ch *.googleapis.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.cloudflare.com *.jquery.com; font-src 'self' *.g.doubleclick.net *.google-analytics.com *.gstatic.com *.johdisuite.ch *.googleapis.

Links to (2)

Linked from (1)