gepa-shop.de

.de crawl

First seen 2026-04-15 · Last seen 2026-05-17 · ok HTTP/1.1 200 1739 ms crawled 2026-05-10

US · 151.101.1.124 · AS54113 Fastly, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title: Fair Trade: Produkte mit Respekt produziert – GEPA Shop
Description: Bio & Fair Trade Produkte im GEPA Fair Trade Shop kaufen. Fair zum Menschen, fair zur Natur – besser für alle! Geprüfte Qualität ✓ 100% fair ✓ Seit 1975 ✓
Language: de

Open Graph

url: https://www.gepa-shop.de/
title: Fair Trade: Produkte mit Respekt produziert – GEPA Shop
locale: de_DE
description: Bio & Fair Trade Produkte im GEPA Fair Trade Shop kaufen. Fair zum Menschen, fair zur Natur – besser für alle! Geprüfte Qualität ✓ 100% fair ✓ Seit 1975 ✓

Technology

CMS: Gatsby

Analytics

Google Tag Manager

Cookie consent

Usercentrics

Third-party hosts loaded (8)

app.usercentrics.eu×3
api.usercentrics.eu×1
app.varify.io×1
code.etracker.com×1
privacy-proxy.usercentrics.eu×1
rum.hlx.page×1
www.facebook.com×1
www.googletagmanager.com×1

Social

Contact

Phone

202 266 83 500

Registration

Updated

2021-04-16

Name servers

ns1.plusserver.com.
ns2.plusserver.com.
ns3.plusserver.com.

DNS records live

NS

ns1.plusserver.com
ns2.plusserver.com
ns3.plusserver.com

MX

10 mail.gepa-shop.de

TXT

"v=spf1 mx a include:spf.nl2go.com -all"

Verified for

Dynamics 365
Google
Meta

Email authentication weak

SPF

not published

DMARC

not published

DKIM

s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmP6uQ9iBA0A2yZX6e920KGn8yHRDN3ygjLN3Q+P3JZlKHMnigMpVMeV987gKr8AKisSy1eHO8TXti27Evl…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRjoKwWLYYYqrMgcrJe1qdUJfG5FQMQbGm877O3sJzzkPFWifi0KU21Z91DCWZ37t1Mq2dhDxxDQkaMS+TCZN5Wj…

selectors probed

Certificate (current)

R12

from 2026-04-27 to 2026-07-26

Expires in 67 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.gepa-shop.de/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: ALLOW-FROM https://newapp.etracker.com
x-content-type-options: nosniff
content-security-policy: worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com 'self' data: *.signalize.com *.gepa-shop.de *.media.gepa-shop.de *.local *.gepa.de *.userback.io *.newrelic.com *.nr-data.net *.mouseflow.com *.varify.io www.captcha.eu data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.azureedge.net *.media.gepa-shop.de 'self' 'unsafe-inline'; frame-ancestors https://*.etracker.com *.etracker.com *.etracker.de *.newrelic.com *.nr-data.net *.media.gepa-shop.de 'self'; frame-src
strict-transport-security: max-age=31557600