fondazioneconadets.it
HTML metadata
Technology
Third-party hosts loaded (2)
- chisiamo.conad.it×1
- www.google.com×1
Social
Contact
DNS records live
- NS
-
- ns1.plaindns.net
- ns2.plaindns.net
- MX
-
- 0 fondazioneconadets-it.mail.protection.outlook.com
- TXT
-
_8cv6jp6zfv3nmwi5xt7n4wjh3e2euwd
- Verified for
-
- Microsoft 365
Email authentication strong
- SPF
-
v=spf1 include:spf.protection.outlook.com -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; rua=mailto:jxy5nq2i@ag.eu.dmarcadvisor.com; ruf=mailto:jxy5nq2i@fr.eu.dmarcadvisor.compolicy: reject (enforced) - DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbOSa5u25lrcVAUU59YvBAFGmE3Vdmi/YNQrlJuXmeSSV5zInxabccVn2uDR3JPAyXgY2c+BvFhSNO…
selectors probed - selector1:
Certificate (current)
GeoTrust TLS RSA CA G1
Expires in 97 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
no-referrer-when-downgrade- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: blob: https:; media-src 'self' data: blob: mediastream: https:; frame-ancestors 'self' *.conad.it *.nscdev.it *.nsctst.it *.nscpre.it *.nscbeta.it *.nscstg.it; frame-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' data: https:- strict-transport-security
max-age=31557600