indexo.dev

fpz.de

.de crawl

First seen 2026-04-12 · Last seen 2026-05-20 · ok HTTP/1.1 200 1192 ms crawled 2026-05-20

DE · 157.90.184.21 · AS24940 Hetzner Online GmbH

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
FPZ GmbH
Description
Muskulatur im Fokus | Focus on the muscles
Language
de

Technology

Server
nginx
CMS
Next.js
Cookie consent
  • Cookiebot

Third-party hosts loaded (3)

  • fonts.cdnfonts.com×2
  • consent.cookiebot.com×1
  • widgets.leadconnectorhq.com×1

Social

Registration

Updated
2017-12-22
Name servers
  • ns.udag.de.
  • ns.udag.net.
  • ns.udag.org.

DNS records live

NS
  • ns.udag.de
  • ns.udag.net
  • ns.udag.org
MX
  • 20 mx02.hornetsecurity.com
  • 30 mx03.hornetsecurity.com
  • 40 mx04.hornetsecurity.com
TXT
  • bw=EnOttc7Z5ZKAfjZ3aW5xn93NElGAQBfFOUzSCbVyyz4D
  • firebase=fpz-scan-app
Verified for
  • Google
  • Meta
  • Microsoft 365

Email authentication partial

SPF
v=spf1 a:secmail.fpz.de include:one.zoho.eu include:eu.zcsend.net include:spf.protection.outlook.com include:emsd1.com include:spf.hornetsecurity.com -all
strict (-all)
DMARC
v=DMARC1; p=none; rua=mailto:admin@fpz.de;
policy: none (monitoring only)
DKIM
  • default: v=DKIM1; k=rsa; s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bgIgaRdzjREjagufpOu7dmM7B1/TY8SLJV9Uw3PzNalfgh99WMuKAxdpDmAx3qnJfJnA0…
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCoTzFtnQopqEHTr6ohDww7hOmhiJF34Jv5evcWSqXfdrSPq6wAIHHKO40+rcWjBenYgUewToxfyzv+c5+SFF…
  • selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcLi/cQJNZftShLFhgwttnwS57aKUmWyzXHZiDiet2mxocy1HEs3ik7p2bnEzTTuQG92PkvVOPLq3fA97buZ…
selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV E36
from 2025-10-14 to 2026-10-15
Expires in 147 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://fpz.de/

present
  • strict-transport-security
  • content-security-policy
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
Header values
referrer-policy
strict-origin-when-cross-origin
permissions-policy
geolocation=(), microphone=()
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; form-action 'self'; object-src 'none'; connect-src 'self' https://*.fpz.de https://*.openstreetmap.org https://*.msgsndr.com wss://*.leadconnectorhq.com https://services.leadconnectorhq.com https://*.leadconnectorhq.com https://region1.google-analytics.com https://www.google.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://widgets.leadconnectorhq.com https://eu-api.friendlycaptcha.eu; script-src 'self' https://*.googletagmanager.com https://*.b4u-cloud.de wss://*.leadconnectorhq.com https://services.leadconnectorhq.com https://*.leadconnectorhq.com https://www.google.com https://cdn.socket.io https://www.gstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.honey.io https://*.b4u-cloud.de wss://*.leadconnectorhq.com https
strict-transport-security
max-age=63072000; includeSubDomains; preload

Links to (7)

Linked from (4)