feuerwehren.bayern

.bayern user

First seen 2026-05-16 · Last seen 2026-05-16 · ok HTTP/1.1 200 328 ms crawled 2026-05-16

DE · 93.184.181.159 · AS47297 NetCom BW GmbH

Reputation 92/100 no dmarc policy

sector government type homepage

HTML metadata

Title: Home - Das LFV Website-Kit
Language: de

Technology

CMS: Gatsby

Social

Contact

Email

info@feuerwehren.bayern

Phone

(08382) 275833-0

Registration

Registrar

united-domains AG

Created

2015-08-04

Expires

2026-08-04 74 days left

Updated

2026-04-10

Name servers

ns2.tcis.de
ns1.tcis.de
ns3.tcis.de

DNS records live

NS

ns1.tcis.de
ns2.tcis.de
ns3.tcis.de

MX

0 feuerwehren-bayern.mail.protection.outlook.com

Verified for

Google
Microsoft 365

Email authentication weak

SPF: v=spf1 include:spf.protection.outlook.com include:spf.tomcom.de -all
strict (-all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

R13

from 2026-04-12 to 2026-07-11

Expires in 51 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://feuerwehren.bayern/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
permissions-policy: microphone=*, fullscreen=*, accelerometer=*, autoplay=*, camera=*, display-capture=*, encrypted-media=*, geolocation=*, gyroscope=*, payment=*, picture-in-picture=*, sync-xhr=*, usb=()
x-content-type-options: nosniff
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; script-src * data: blob: mediastream: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline' data: blob: mediastream:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * blob: data: 'unsafe-inline'; worker-src * data: blob: mediastream: 'unsafe-inline' 'unsafe-eval'
strict-transport-security: max-age=63072000; includeSubdomains;
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin

Links to (2)

facebook.com×1
youtube.com×1