finetodine.ch
finetodine.ch
HTML metadata
Technology
- Server
- Apache
- CMS
- Joomla
- Stack
- PHP
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
Third-party hosts loaded (3)
- fonts.googleapis.com×3
- maps.googleapis.com×1
- www.googletagmanager.com×1
DNS records live
- NS
-
- ns1.inetworx.ch
- ns2.inetworx.ch
- ns3.inetworx.ch
- MX
-
- 10 serv03.inetworx.ch
- Verified for
-
- Microsoft 365
Email authentication partial
- SPF
-
v=spf1 a mx -allstrict (-all) - DMARC
-
v=DMARC1; p=nonepolicy: none (monitoring only) - DKIM
-
- k2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed - k2:
Certificate (current)
E8
Expires in 75 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self' 'unsafe-inline' *.googleadservices.com googleadservices.com *.saferpay.com saferpay.com *.google.ch *.google.com *.dimaster.ch data: *.googleapis.com fonts.gstatic.com youtube.com *.youtube.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com cdn.jsdelivr.net; img-src 'self' * data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.g.doubleclick.net *.serving-sys.com cdn.rawgit.com *.dimaster.ch gooogleapis.com *.googleapis.com *.google.com *.unpkg.com unpkg.com youtube.com *.youtube.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com cdn.jsdelivr.net; frame-src 'self' *.google.ch *.google.com *.googletagmanager.com *.saferpay.com saferpay.com *.serving-sys.com- strict-transport-security
max-age=31536000; includeSubDomains