eww.at

HTML metadata

Title: Energieversorger Wels | Energieversorgung - eww Gruppe
Description: Nachhaltige Energie - ob Strom, Gas oder Wärme - bei eww bekommen Sie alles aus einer Hand. ➤ Energieversorger aus Wels kennenlernen!
Language: de
Canonical: https://www.eww.at/privat/seite

Open Graph

url: https://www.eww.at/privat/seite
title: Energieversorger Wels | Energieversorgung - eww Gruppe
locale: de-DE
description: Nachhaltige Energie - ob Strom, Gas oder Wärme - bei eww bekommen Sie alles aus einer Hand. ➤ Energieversorger aus Wels kennenlernen!

Technology

Server: Apache
PHP: 8.3.30 security-only

Social

Contact

Phone

+437242493-100

Address

Stelzhamerstraße 27, 4600, Wels, Austria

DNS records live

NS

dns3.itandtel.at
dns4.itandtel.at
dns5.itandtel.at
dns6.itandtel.at

MX

5 eww-at.mail.protection.outlook.com

TXT

autodesk-domain-verification=5-OZhTdYbtKUrZ03HiGC

Verified for

Apple
Brevo
Google
Microsoft 365
TeamViewer

Email authentication partial

SPF

v=spf1 mx ip4:80.243.168.57 ip4:131.107.21.231 ip4:80.243.160.141 a:mx.klenk.at a:mx1.klenk.at include:_spf.itandtel.at include:spf.protection.outlook.com include:spf.sendinblue.com include:spf.imc-hosting.com include:mailing.sagedpw.at include:spf.de.umantis.com -all

strict (-all)

DMARC

v=DMARC1; p=none; sp=none; rua=mailto:dmarc@mailinblue.com!10m; ruf=mailto:dmarc@mailinblue.com!10m; rf=afrf; pct=100; ri=86400

policy: none (monitoring only) · sp=none

DKIM

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCOTJ2QMlqPdL9PE/ZmfsH+N76SKDg1Gw+Mny3P4SzkYN6Mn1EapWIJjGZ0pJmxAhGT79DA1ehcxz2UcMg8lF…
selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEsgoMeelPmV8XuKsW/OanvlF+AqHbGsH2w6foDOaRTJb7/TOfDKIzvByfMb4U0ktKxmB62johF8ossjWGvd…
mail: k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…

selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36

from 2025-07-08 to 2026-07-17

Expires in 46 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.eww.at/privat/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; default-src 'self' data: *.acsbapp.com *.googleapis.com *.ggpht.com *.digiaccess.org *.doubleclick.net *.eww.at assets.sendinblue.com assets.brevo.com *.ooevv.at *.haf.as *.sibforms.com; img-src 'self' data: *.eww.at *.googleapis.com *.ggpht.com *.ooevv.at; frame-src 'self' *.vimeo.com *.youtube-nocookie.com *.youtube.com *.google.com *.ggpht.com *.googlevideo.com forms.websms.com *.eww.at map.chge.at eww.appointlet.com solarrechner.eturnity.io *.office365.com eww-b2b.appointlet.com app.cituro.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.gstatic.com *.acsbapp.com *.googleapis.com *.digiaccess.org *.google.com *.eww.at sibforms.com *.ooevv.at; style-src 'self' 'unsafe-inline' *.eww.at *.gstatic.com *.googleapis.com sibforms.com *.ooevv.at
strict-transport-security: max-age=31536000