indexo.dev

forsthofalm.com

.com crawl

First seen 2026-05-19 · Last seen 2026-05-30 · ok HTTP/1.1 200 4253 ms crawled 2026-05-30

AT · 83.65.246.198 · AS8412 T-Mobile Austria GmbH

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Dein Naturhotel in Leogang - Holzhotel Forsthofalm
Description
Forsthofalm – dein Naturhotel in Leogang. Yoga, Wellness, Kulinarik & Zimmer aus Mondholz. Finde Ruhe, Kraft & Inspiration inmitten der Berge.
Language
de
Canonical
/
Translations
  • de
  • en

Open Graph

url
https://www.forsthofalm.com/home/
title
Dein Naturhotel in Leogang - Holzhotel Forsthofalm
description
Forsthofalm – dein Naturhotel in Leogang. Yoga, Wellness, Kulinarik & Zimmer aus Mondholz. Finde Ruhe, Kraft & Inspiration inmitten der Berge.

Technology

Server
Apache
CMS
Joomla

Third-party hosts loaded (1)

  • stats.futureweb.at×3

Social

Contact

Email
Phone
Address
Hütten 37, 5771, Leogang, Salzburg, AT

Registration

Registrar
EPAG Domainservices GmbH
Created
1998-08-20
Expires
2026-08-19 79 days left
Updated
2025-08-20
Name servers
  • ns1.vercel-dns.com
  • ns2.vercel-dns.com

DNS records live

NS
  • ns1.vercel-dns.com
  • ns2.vercel-dns.com
MX
  • 0 forsthofalm-com.mail.protection.outlook.com
Verified for
  • Google
  • Microsoft 365

Email authentication weak

SPF
v=spf1 ip4:109.75.178.8 include:spf.protection.outlook.com include:spf.net.vioma.de include:spf.kunleisys.com include:spf.guestclub.net include:bspf.a1.net a:forsthofalm.sc01.at mx ip4:212.27.79.46/32 -all
strict (-all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

E8
from 2026-05-14 to 2026-08-12
Expires in 72 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.forsthofalm.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
geolocation=(), camera=(), microphone=(), payment=(), usb=(), fullscreen=(self "https://my.matterport.com" "https://my.mpskin.com" "https://www.youtube.com" "https://*.rundblick.at")
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'nonce-QS3HcqxczjLGpGpM7nrM2A==' 'strict-dynamic' 'report-sample' 'unsafe-eval' https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.rundblick.at; img-src 'self' data: https: blob: https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com; font-src 'self' https://fonts.gstatic.com https://assets.dialogshift.com; connect-src 'self' https: wss: https://*.dialogshift.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google.com https:/
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-site

Links to (13)

Linked from (1)