heatbeat.de
HTML metadata
Technology
- Server
- nginx
- CMS
- Gatsby
Third-party hosts loaded (1)
- static-files-hbe-production-public.nbg1.your-objectstorage.com×3
Social
Registration
- Updated
- 2020-01-23
- Name servers
-
- ns-1218.awsdns-24.org.
- ns-1975.awsdns-54.co.uk.
- ns-276.awsdns-34.com.
- ns-526.awsdns-01.net.
DNS records live
- NS
-
- ns-1218.awsdns-24.org
- ns-1975.awsdns-54.co.uk
- ns-276.awsdns-34.com
- ns-526.awsdns-01.net
- MX
-
- 0 heatbeat-de.mail.protection.outlook.com
- TXT
-
google-site-verification=KRl1JpEHkZ-bDkllYC6GX6Soa3V8aGbr-4DUkSkLKD0MS=ms36665828
Email authentication partial
- SPF
-
v=spf1 include:spf.protection.outlook.com -allstrict (-all) - DMARC
- not published
- DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSj5oJtWwIdbukk+ab3yh8cLKTqb4naa71r6PEyKKs/4cKslwmQahbcBN/DeH+IkQaUXbuzG0TYdAl…
selectors probed - selector1:
Certificate (current)
E7
Expires in 57 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- content-security-policy-report-only
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-embedder-policy
- cross-origin-resource-policy
- findings
-
- short HSTS max-age
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- weak frame protection
Header values
- referrer-policy
same-origin, no-referrer-when-downgrade- x-frame-options
SAMEORIGIN, SAMEORIGIN- permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), usb=()- x-content-type-options
nosniff- content-security-policy
frame-ancestors 'self'; font-src 'self' static-files-hbe-production-public.nbg1.your-objectstorage.com; media-src 'self' static-files-hbe-production-public.nbg1.your-objectstorage.com static-files-hbe-production.s3.eu-central-1.amazonaws.com; connect-src 'self' sentry.heatbeat.dev https://nominatim.openstreetmap.org static-files-hbe-production-public.nbg1.your-objectstorage.com; script-src 'self' 'nonce-xAtSE/k/WkaSDKaGRZ9p0A==' https://www.youtube.com static-files-hbe-production-public.nbg1.your-objectstorage.com; style-src 'self' 'unsafe-inline' static-files-hbe-production-public.nbg1.your-objectstorage.com; report-to csp-endpoint; default-src 'self' static-files-hbe-production-public.nbg1.your-objectstorage.com; frame-src 'self' https://www.youtube.com; form-action 'self'; img-src 'self' data: https://*.tile.openstreetmap.org https://sgx.geodatenzentrum.de https://img.youtube.com static-files-hbe-production-public.nbg1.your-objectstorage.com static-files-hbe-production-private.nbg1.- strict-transport-security
max-age=60; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload- cross-origin-opener-policy
same-origin- cross-origin-embedder-policy
credentialless- cross-origin-resource-policy
cross-origin- content-security-policy-report-only
frame-ancestors 'self'; font-src 'self' static-files-hbe-production-public.nbg1.your-objectstorage.com; media-src 'self' static-files-hbe-production-public.nbg1.your-objectstorage.com static-files-hbe-production.s3.eu-central-1.amazonaws.com; connect-src 'self' sentry.heatbeat.dev https://nominatim.openstreetmap.org static-files-hbe-production-public.nbg1.your-objectstorage.com; script-src 'self' 'nonce-xAtSE/k/WkaSDKaGRZ9p0A==' https://www.youtube.com static-files-hbe-production-public.nbg1.your-objectstorage.com; style-src 'self' 'unsafe-inline' static-files-hbe-production-public.nbg1.your-objectstorage.com; report-to csp-endpoint; default-src 'none'; frame-src 'self' https://www.youtube.com; form-action 'self'; img-src 'self' data: https://*.tile.openstreetmap.org https://sgx.geodatenzentrum.de https://img.youtube.com static-files-hbe-production-public.nbg1.your-objectstorage.com static-files-hbe-production-private.nbg1.your-objectstorage.com static-files-hbe-production.s3.eu-centra