indexo.dev

headandshoulders.de

.de crawl

First seen 2026-04-21 · Last seen 2026-05-15 · ok HTTP/1.1 200 2934 ms crawled 2026-05-15

NL · 20.71.72.42 · AS8075 Microsoft Corporation

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Head&Shoulders Deutschland – Offizielle Website | Head&Shoulders DE
Description
Besuchen Sie die offizielle Website von Head & Shoulders in Deutschland. Erfahren Sie alles über den Kampf gegen Schuppen. Schauen Sie sich Head&Shoulders Produkte an!
Language
de-de
Canonical
https://www.headandshoulders.de/de-de/

Open Graph

url
https://www.headandshoulders.de/de-de/
title
Head&Shoulders Deutschland – Offizielle Website | Head&Shoulders DE
description
Besuchen Sie die offizielle Website von Head & Shoulders in Deutschland. Erfahren Sie alles über den Kampf gegen Schuppen. Schauen Sie sich Head&Shoulders Produkte an!

Technology

CDN
Azure Front Door
CMS
Next.js
Analytics
  • Google Tag Manager

Third-party hosts loaded (2)

  • images.ctfassets.net×18
  • www.googletagmanager.com×2

Social

Registration

Updated
2018-05-07
Name servers
  • ns1-07.azure-dns.com.
  • ns2-07.azure-dns.net.
  • ns3-07.azure-dns.org.
  • ns4-07.azure-dns.info.

DNS records live

NS
  • ns1-07.azure-dns.com
  • ns2-07.azure-dns.net
  • ns3-07.azure-dns.org
  • ns4-07.azure-dns.info
MX
  • 10 mx.headandshoulders.de
TXT
  • google-site-verification=NdiRv_Zpajl_4peSCT5yc2-Wpsq-bFCVLeenIM-QvpU
  • google-site-verification=ai8aXf4naMy5vcMHJ-Oip19uNpW2wJsxchkze8Xt5-U
  • C977-7B4E-BBA9-2670-08B1-157A-034B-6AB3

Email authentication weak

SPF
not published
DMARC
v=DMARC1; p=none; fo=1; ri=3600; rua=mailto:procter-gamble@rua.dmp.cisco.com; ruf=mailto:procter-gamble@ruf.dmp.cisco.com
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

Sectigo Public Server Authentication CA OV R36
from 2025-08-10 to 2026-09-10
Expires in 113 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.headandshoulders.de/de-de/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
DENY
x-content-type-options
nosniff
content-security-policy
base-uri 'self'; font-src 'self' https: data:; frame-src 'self' https://feed.pghub.io https://www.youtube.com https://www.youtube-nocookie.com https://consumersupport.pg.com https://*.google.com www.google-analytics.com https://*.pricespider.com ; img-src 'self' data: https://cdn.cookielaw.org https://*.mapbox.com https://*.bazaarvoice.com https://www.google.com images.ctfassets.net pixel.tapad.com www.googletagmanager.com www.google-analytics.com https://*.pricespider.com https://www.mapbox.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.pricespider.com https://*.mapbox.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.bazaarvoice.com https://*.segment.com https://*.mapbox.com https://*.pricespider.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net
strict-transport-security
max-age=31536000; includeSubDomains; preload

Links to (9)

Linked from (1)