hnbg.de

.de crawl

First seen 2026-04-20 · Last seen 2026-05-14 · ok HTTP/1.1 200 1081 ms crawled 2026-05-14

DE · 193.101.47.139 · AS8893 Artfiles New Media GmbH

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title

Heisenberg HNBG - Bongshop, Headshop, Growshop | Qualität & Vielfalt

Description

Heisenberg HNBG Onlineshop | Bongshop, Headshop, Growshop. Top-Qualität & günstige Preise seit 2005. Ständig Rabattaktionen und Sale! Blitzversand!

Language

Canonical

https://www.hnbg.de

Translations

de-de

Open Graph

url: https://www.hnbg.de
title: Heisenberg HNBG - Bongshop, Headshop, Growshop | Qualität & Vielfalt
site name: HNBG Heisenberg Headshop
description: Heisenberg HNBG Onlineshop | Bongshop, Headshop, Growshop. Top-Qualität & günstige Preise seit 2005. Ständig Rabattaktionen und Sale! Blitzversand!

Technology

Server: Apache
CMS: Gatsby

Third-party hosts loaded (4)

integrations.etrusted.com×1
kaya-shisha.alterspruefung365.de×1
widgets.trustedshops.com×1
www.heisenberg.shop×1

Social

Contact

Email

Phone

Address

Heerenholz 14a, 28307, Bremen, HB, DE

Registration

Updated

2018-06-06

Name servers

dns.bremen-nord.de.
dns.vege.net.
ns2.bremen-nord.de.
ns2.y4i.de.

DNS records live

NS

dns.bremen-nord.de
dns.vege.net
ns2.bremen-nord.de
ns2.y4i.de

MX

10 mx3.vege.net
20 mx2.vege.net

Email authentication weak

SPF: v=spf1 a mx include:spf.nl2go.com include:vege.net -all
strict (-all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-05-02 to 2026-07-31

Expires in 72 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.hnbg.de/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: *, SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net *.fonts.googleapis.com data: *.cloudflare.com https://widgets.trustedshops.com https://static.unzer.com https://applepay.cdn-apple.com static.unzer.com *.googleadservices.com *.google-analytics.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.vdcprojects.xyz https://b2b-smoking-com.vdcprojects.xyz/stores/store/redirect/ *.de *.com *.shop 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcom
strict-transport-security: max-age=31536000; includeSubDomains

Links to (5)

Linked from (2)

hanfjournal.de×2
b2b-smoking.de×1