fafnir.com

.com crawl

First seen 2026-05-04 · Last seen 2026-05-11 · ok HTTP/1.1 200 2014 ms crawled 2026-05-11

US · 52.87.65.167 · AS14618 Amazon.com, Inc.

Reputation 67/100 wrong cert no dmarc policy

sector tech type homepage

HTML metadata

Title

FAFNIR GmbH

Language

Generator

Drupal 10 (https://www.drupal.org)

Canonical

https://www.fafnir.com/

Translations

Technology

Server: nginx
CMS: Drupal

Analytics

Google Tag Manager

Social widgets

YouTube Embed

Third-party hosts loaded (3)

js.hsforms.net×1
www.googletagmanager.com×1
www.youtube-nocookie.com×1

Social

Contact

Phone

+49 40 / 39 82 07-0

Address

ST A QUOTEhbspt.forms.create({ region: "na1", portalId: "21596

Registration

Registrar

Vautron Rechenzentrum AG

Created

1991-06-13

Expires

2026-06-12 23 days left

Updated

2025-06-13

Name servers

ns2.nmmn.com
ns3.nmmn.com

DNS records live

NS

ns2.nmmn.com
ns3.nmmn.de

MX

10 mxa-00514e01.gslb.pphosted.com
10 mxb-00514e01.gslb.pphosted.com

TXT

Show 4 TXT records

MS=ms6c00853cec5e
MS=ms61512739
v=msv1 t=11388E26-0C99-480B-84E1-5E89D1914D35
It82OR3pe5aVQeIqN6kKS07CWLYZuSWoLTo6QLykfpbj8BqznKR5WaocNTc4mCH34pxnSpvzTOxWwfrHMHcMHQ==

Email authentication weak

SPF: v=spf1 include:_spf.vontier.com include:spf.salesforce.com ip4:167.89.50.42 ip4:168.245.92.25 ip4:168.245.100.162 ip4:149.72.202.171 ip4:159.183.145.35 ip4:168.245.100.168 include:spf.vizito.be -all
strict (-all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current) wrong cert

Sectigo Public Server Authentication CA OV R36

from 2025-10-29 to 2026-11-08

Expires in 172 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.fafnir.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'none'; script-src 'unsafe-inline' *.gilbarco.com *.fafnir.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.ggpht.com bam.nr-data.net *.hsforms.com *.doubleclick.net *.googleapis.com *.google.com *.hsforms.net *.google.com *.google-analytics.com *.googletagmanager.com *.googlevideo.com *.doubleclick.net *.gstatic.com *.newrelic.com *.livechatinc.com *.cookielaw.org *.onetrust.com *.securiti.ai; object-src *.gilbarco.com *.fafnir.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.ggpht.com bam.nr-data.net *.hsforms.com *.doubleclick.net *.googleapis.com *.google.com *.hsforms.net *.google.com *.google-analytics.com *.googletagmanager.com *.googlevideo.com *.doubleclick.net *.gstatic.com *.newrelic.com *.livechatinc.com *.cookielaw.org *.onetrust.com *.securiti.ai; style-src 'unsafe-inline' data: *.gilbarco.com *.fafnir.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.ggpht.com bam.nr-data.net *.hsforms.com *.doubleclick.net *.googleapis.com *.google.com *.hsf
strict-transport-security: max-age=31536000; includeSubdomains; preload

Links to (8)

Linked from (1)

ploog-webdesign.de×1