hazu.swiss
hazu.swiss
Technology
- Server
- Analytics
-
- Plausible
- Fonts
-
- Google Fonts
Third-party hosts loaded (9)
- cdn.jsdelivr.net×18
- uicdn.toast.com×4
- cdn.embedly.com×2
- cdnjs.cloudflare.com×1
- firebasestorage.googleapis.com×1
- fonts.googleapis.com×1
- fonts.gstatic.com×1
- js.sentry-cdn.com×1
- plausible.io×1
DNS records live
- NS
-
- ns1.dnsimple.com
- ns2.dnsimple.com
- ns3.dnsimple.com
- ns4.dnsimple.com
- MX
-
- 1 aspmx.l.google.com
- 10 alt3.aspmx.l.google.com
- 10 alt4.aspmx.l.google.com
- 5 alt1.aspmx.l.google.com
- 5 alt2.aspmx.l.google.com
- TXT
-
firebase=hazu-ch
- Verified for
-
- Microsoft 365
Email authentication strong
- SPF
-
v=spf1 include:_spf.firebasemail.com -allstrict (-all) - DMARC
-
v=DMARC1; p=quarantine; rua=mailto:admin@hazu.swisspolicy: quarantine - DKIM
-
- google:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykQFTURZWnyeePt+2CsX19AW6uziOGatl5Lt2uQsZXJnZ2JqXn6cwYumod0aFV32n52lw1G7WJEOdA… - s1:
k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnr1QNZQVqAXg37wegF0RVk+GWfu//iR8QWf+vjLIYVgjQsfzKgKW/70rwl0C+9YlkeSsEJSJ5ALhd3gfsP… - s2:
k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2C0/QiuhIIPnmBGzv6yB92w+qVfZUMXl1M/nwI24o3voZSz85F6c+mYgZPdqXnAuhnzyNeFD0BuVbFJ4ZJ48Af9…
selectors probed - google:
Certificate (current)
WR3
Expires in 84 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-content-type-options
nosniff- content-security-policy
default-src 'none'; frame-src data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://maps.googleapis.com http://cdn.embedly.com https://www.youtube.com https://apis.google.com https://js.stripe.com https://*.sentry-cdn.com https://raw.githack.com https://www.gstatic.com https://player.3qsdn.com https://uicdn.toast.com https://cdnjs.cloudflare.com; worker-src 'self' blob:; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com http://cdn.embedly.com https://cdn.jsdelivr.net https://*.3qsdn.com https://uicdn.toast.com; font-src 'self' data: https://fonts.gstatic.com http://cdn.embedly.com https://*.3qsdn.com; media-src 'self' data: blob: https://*; img-src 'self' data: blob: https://*; connect-src 'self' https://storage.googleapis.com/ data: blob: http://localhost:* https://*.cloudfunctions.net https://*.googleapis.com http://api-cdn.embed.ly https://api-cdn.embed.ly https://vimeo.com https://cdn.aframe.io https://*.sentry.io https://*.schulverlag.ch https://- strict-transport-security
max-age=31536000; includeSubDomains; preload