fondazionebpn.it
HTML metadata
Technology
- CMS
- WordPress
- jQuery
- 3.7.1
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
Third-party hosts loaded (4)
- fonts.googleapis.com×3
- code.jquery.com×1
- gmpg.org×1
- www.googletagmanager.com×1
Contact
DNS records live
- NS
-
- ns1.crebergallery.it
- ns2.crebergallery.it
- ns3.crebergallery.it
- ns4.crebergallery.it
- MX
-
- 10 mxa-00695501.gslb.pphosted.com
- 10 mxb-00695501.gslb.pphosted.com
- TXT
-
DyixCjQSGWVBP1VdwqepxBGzBRd88eRgF+UUJPD5FT8lxN0U9UWVGYTxQ24SIaSWMrIZDF/jCjMvWq4JH5ImMw==EI7oAavvxmhE8T4k0v9m91iTzzAnW64kA0Kmw48aX/o=
- Verified for
-
- GlobalSign
- Microsoft 365
Email authentication partial
- SPF
-
v=spf1 include:_spf1.bancobpm.it include:_spf2.bancobpm.it -allstrict (-all) - DMARC
-
v=DMARC1; p=none; sp=none; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com;policy: none (monitoring only) · sp=none - DKIM
- no key found at common selectors
Certificate (current)
Sectigo Public Server Authentication CA OV R36
Expires in 256 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
script-src 'self' 'unsafe-inline' *.jquery.com https://www.googletagmanager.com/ *.google-analytics.com blob: data:;style-src 'self' 'unsafe-inline' http://fonts.googleapis.com/;font-src 'self' data: https://www.googletagmanager.com/ http://fonts.googleapis.com/ https://fonts.gstatic.com/;img-src 'self' https://www.googletagmanager.com/ ;frame-src 'self';- strict-transport-security
max-age=31536000;includeSubDomains;preload