indexo.dev

felberhonig.ch

.ch crawl

First seen 2026-05-29 · Last seen 2026-05-29 · ok HTTP/1.1 200 426 ms crawled 2026-05-31

CH · 193.33.128.144 · AS35206 NovaTrend Services GmbH

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Felber Honig – Home
Description
Schweizer Bienenhonig
Language
de
Generator
CMSimple_XH 1.8 2024121101 - www.cmsimple-xh.org

Technology

Server
LiteSpeed
CMS
Joomla 1.8
PHP
7.4.33 end of life
jQuery
1.12.4 known XSS (<3.5)

DNS records live

NS
  • ns63.tophost.ch
  • ns64.tophost.ch
MX
  • 10 mx01.tophost.ch
  • 10 mx02.tophost.ch

Email authentication partial

SPF
v=spf1 ip4:193.33.128.144 include:_spf.tophost.ch include:relay.mailchannels.net a mx -all
strict (-all)
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
  • default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRh82LIkme9rmIv7YzqQYcQEz+QHrC20TqcOo5FJdmrdibkep+PjXSxYJ8azYIsXEHQ49HzUxZjFud…
selectors probed

Certificate (current)

R12
from 2026-04-09 to 2026-07-08
Expires in 37 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://felberhonig.ch/

present
  • content-security-policy
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-resource-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • missing frame protection
Header values
referrer-policy
same-origin
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(), camera=(self), clipboard-read=(), clipboard-write=(), cross-origin-isolated=(self "https://www.youtube.com" "https://www.youtube-nocookie.com"), display-capture=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), gamepad=(self), geolocation=(self), gyroscope=(self), interest-cohort=(), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(), payment=(self), picture-in-picture=*, publickey-credentials-get=(self), screen-wake-lock=(self), speaker-selection=(self), sync-xhr=(), usb=(self), web-share=(self), xr-spatial-tracking=(self)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src https://www.youtube.com https://www.youtube-nocookie.com; img-src 'self' data: blob:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
same-origin

Links to (2)

Linked from (1)