ev-heimstiftung.de

.de crawl

First seen 2026-04-13 · Last seen 2026-05-15 · ok HTTP/1.1 200 2510 ms crawled 2026-05-07

DE · 116.202.179.227 · AS24940 Hetzner Online GmbH

Reputation 100/100

Classifying

HTML metadata

Title: Gute Pflege | Evangelische Heimstiftung
Language: de-DE
Generator: TYPO3 CMS
Canonical: https://www.ev-heimstiftung.de/

Technology

Server: nginx

Third-party hosts loaded (2)

cdn.eye-able.com×2
consent.amedick-sommer.de×1

Social

Contact

Phone

+49711636760

Registration

Updated

2008-10-24

Name servers

ns.plusline.de.
ns.s.plusline.de.

DNS records live

NS

ns.plusline.de
ns.s.plusline.de

MX

0 evheimstiftung-de0e.mail.protection.outlook.com

TXT

Show 4 TXT records

globalsign-domain-verification=2tiKthl3xotq9WoqxxUiNkZj5goMm9PBPp3LCkGJv0
cisco-ci-domain-verification=663dc62d48aa632a1eb544934b890fed2d15fcbd5be9d1ec07fe1996ee356f64
brevo-code:7c98c23c103986e516156420fca6c966
04jzEvuX3wcegynhtie4srweOj9jWsQSoFnP/OQiRNv8ptMCXdatXyEKKToLYkyMEk3VVz3czcOvZQhl+vh4kw==

Email authentication strong

SPF

v=spf1 a mx a:mailplus-abg.ruthardt.eu ip4:212.19.58.0/24 ip4:5.175.4.213 ip4:185.21.101.174 ip4:46.101.177.110 ip4:159.69.193.233 include:spf.protection.outlook.com ip4:103.2.143.43 include:spf.crsend.com include:spf.brevo.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:postmaster@ev-heimstiftung.de; ruf=mailto:postmaster@ev-heimstiftung.de; fo=1

policy: quarantine

DKIM

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClnzELjMmyfayVxY+Q9ZGPFx8BmO2l50/aRQh2oLhANy2U6w/MoaEmoqLcrJkzgLTQPqGIlo4aDak1xgWgW6…
selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUV7I5MTY+27qfR2pZoVbKLc6gE+JN+55bx1pkeoiAz13vudDUsefD6njOdKZndOii5k1KVEdYYa4HFKkrcH…

selectors probed

Certificate (current)

R12

from 2026-04-26 to 2026-07-25

Expires in 66 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.ev-heimstiftung.de/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self' blob: data: www.youtube.com s.ytimg.com *.usercentrics.eu *.google.com *.googletagmanager.com *.google-analytics.com maps.googleapis.com fonts.gstatic.com analyzer.amedick-sommer.de consent.amedick-sommer.de static.dvinci-easy.com *.eye-able.com *.karriere-ehs.de; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com fonts.gstatic.com cdn.eye-able.com consent.amedick-sommer.de www.karriere-ehs.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.google.com *.googletagmanager.com *.google-analytics.com maps.googleapis.com analyzer.amedick-sommer.de consent.amedick-sommer.de cdn.eye-able.com static.dvinci-easy.com www.karriere-ehs.de spenden.twingle.de; img-src * data: cdn.eye-able.com www.karriere-ehs.de consent.amedick-sommer.de; object-src 'none'; frame-ancestors 'self'; frame-src *;
strict-transport-security: max-age=31536000; includeSubDomains; preload