harinaslapalentina.es
harinaslapalentina.es
HTML metadata
Technology
- Server
- nginx
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
Third-party hosts loaded (4)
- fonts.googleapis.com×3
- www.googletagmanager.com×2
- cdn.cookie-script.com×1
- cdn.jsdelivr.net×1
DNS records live
- NS
-
- dimitris.ns.cloudflare.com
- norah.ns.cloudflare.com
- MX
-
- 10 vallcompanys-es.mail.protection.outlook.com
- TXT
-
3wmCS0QobI3oOtb5Oe1b1Zme6S/HsGwmOg8CzqidsO8fJGTWyTMrbXXr8/sm8Sqqrp0jZ9Qi+vsYzdrY0ft6ww==
- Verified for
-
- Microsoft 365
Email authentication strong
- SPF
-
v=spf1 include:spf.protection.outlook.com -allstrict (-all) - DMARC
-
v=DMARC1; p=quarantine; pct=100; rua=mailto:re+yi2cupzdt73@dmarc.postmarkapp.compolicy: quarantine - DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 58 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline' ;object-src * data: blob: ; font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob:- strict-transport-security
max-age=31536000; includeSubDomains