h2o-badeparadies.de
h2o-badeparadies.de
HTML metadata
Technology
- Server
- Apache
- CMS
- WordPress
Third-party hosts loaded (3)
- hcaptcha.com×1
- js.hcaptcha.com×1
- newassets.hcaptcha.com×1
Social
Registration
- Updated
- 2025-12-10
- Name servers
-
- ns01.agenturserver.co.
- ns01.agenturserver.de.
- ns01.agenturserver.it.
DNS records live
- NS
-
- ns01.agenturserver.co
- ns01.agenturserver.de
- ns01.agenturserver.it
- MX
-
- 10 smtp1.ewr-gmbh.de
- 100 mxlb.ispgateway.de
- 20 smtp2.ewr-gmbh.de
- Verified for
-
- Microsoft 365
Email authentication weak
- SPF
-
v=spf1 a mx include:spf.crsend.com ip4:185.104.72.187 ip4:185.104.72.188 ~allsoftfail (~all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R13
Expires in 62 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- permissions-policy
geolocation=(), microphone=(), camera=(), payment=(), usb=()- x-content-type-options
nosniff- content-security-policy
default-src 'self' * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data: blob:; style-src 'self' 'unsafe-inline' *; img-src 'self' data: blob: *; font-src 'self' data: blob: *; connect-src 'self' * data: blob:; media-src 'self' blob: *; frame-src 'self' *; object-src 'none'; base-uri 'self'; form-action 'self' *; upgrade-insecure-requests;- strict-transport-security
max-age=31536000- cross-origin-opener-policy
unsafe-none- cross-origin-resource-policy
cross-origin