fis-netzwerk.de
fis-netzwerk.de
HTML metadata
Technology
- Server
- Apache
Registration
- Updated
- 2016-07-27
- Name servers
-
- a.ns14.net.
- b.ns14.net.
- c.ns14.net.
- d.ns14.net.
DNS records live
- NS
-
- a.ns14.net
- b.ns14.net
- c.ns14.net
- d.ns14.net
- MX
-
- 10 mx01.pixelpark.com
- TXT
-
_iu1srsf6feeaa98fsc9ref9hec6ox0c
Email authentication weak
- SPF
-
v=spf1 redirect=_spf.pixelpark.euno all qualifier - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
RapidSSL TLS RSA CA G1
Expires in 103 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- weak frame protection
- weak content type protection
- missing Permissions Policy
Header values
- referrer-policy
strict-origin- x-frame-options
SAMEORIGIN, sameorigin- x-content-type-options
nosniff, nosniff- content-security-policy
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; worker-src 'self'; form-action 'self' *.w3.org; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' *.w3.org *.soundcloud.com *.youtube.com *.youtube-nocookie.com; font-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' data: 'self'; media-src 'self' 'unsafe-inline' https://www.youtube.com/ *.youtube-nocookie.com; child-src 'self'; frame-src 'self' 'unsafe-inline' *.vimeo.com *.w3.org *.soundcloud.com *.youtube.com *.youtube-nocookie.com; connect-src 'self' 'unsafe-inline'; object-src 'none'; manifest-src 'self'- strict-transport-security
max-age=31536000