galos.nl
galos.nl
HTML metadata
Technology
- CMS
- Nuxt
- JS framework
- Nuxt, Vue
Third-party hosts loaded (5)
- snapshots.wseengine.com×58
- cdn.streace.io×13
- api.wseengine.com×2
- chat.wseengine.com×1
- member.wseengine.com×1
Contact
DNS records live
- NS
-
- ns0.transip.net
- ns1.transip.nl
- ns2.transip.eu
- MX
-
- 10 galos.nl
- 20 relay.transip.nl
Email authentication weak
- SPF
- not published
- DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 55 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
no-referrer- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self' *.wseengine.com localhost:*; child-src 'self' *.nanocosmos.de *.ceeblue.tv livetoysync.netlify.app; connect-src 'self' wss: ws: *.wseengine.com *.streace.dev *.streace.io *.hotjar.com *.hotjar.io *.nanocosmos.de *.ceeblue.tv *.google-analytics.com *.consentmanager.net *.googleoptimize.com *.google.com *.googletagmanager.com livetoysync.netlify.app localhost:*; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.consentmanager.net *.google-analytics.com *.googleoptimize.com optimize.google.com *.googleanalytics.com *.hotjar.com *.hotjar.io *.wseengine.com *.nanocosmos.de *.azshopp.com livetoysync.netlify.app localhost:*; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net *.googletagmanager.com optimize.google.com vjs.zencdn.net livetoysync.netlify.app; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net *.hotjar.com *.hotjar.io *.googletagmanager.com livetoysync.netlify.app; frame-src *.hotjar.com *.hotjar.io *.cons- strict-transport-security
max-age=31536000; includeSubDomains