feuerwehr-horw.ch
HTML metadata
Technology
- Server
- nginx
- CMS
- Gatsby
Social
DNS records live
- NS
-
- ch.pro.io
- nl.pro.io
- p.dnh.net
- Verified for
-
Email authentication no MX
- SPF
-
v=spf1 -allstrict (-all) - DMARC
-
v=DMARC1; p=rejectpolicy: reject (enforced) - DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 86 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-content-type-options
nosniff- content-security-policy
base-uri 'self';block-all-mixed-content;child-src 'self' https://*.infomaniak.com https://*.vimeo.com https://*.youtube.com https://checkout.stripe.com https://pay.datatrans.com https://pay.sandbox.datatrans.com;connect-src 'self' *.sentry.io https://api.mapbox.com https://cdn.jsdelivr.net https://checkout.stripe.com https://geodesy.geo.admin.ch https://map.geo.bs.ch https://maps.zg.ch https://stats.seantis.ch/ https://wms.geo.admin.ch/ https://wmts.geo.bs.ch;default-src 'self';font-src 'self' data: http: https:;form-action 'self';img-src 'self' data: http: https:;object-src 'none';script-src 'nonce-gB1MHVowBBBLFuKxwRs/PQ==' 'self' https://browser.sentry-cdn.com https://checkout.stripe.com https://js.sentry-cdn.com https://pay.datatrans.com https://pay.sandbox.datatrans.com https://stats.seantis.ch/;style-src 'self' 'unsafe-inline' https:- strict-transport-security
max-age=31536000; includeSubDomains
Links to (2)
- horw.ch×1
- github.com×1
Linked from (1)
- horw.ch×1