holtwick.de

.de crawl

First seen 2026-04-12 · Last seen 2026-05-19 · ok HTTP/1.1 200 240 ms crawled 2026-05-19

CH · 149.126.4.46 · AS47302 cyon AG

Reputation 94/100 dmarc monitor-only

sector tech type homepage

HTML metadata

Title

Software Development & Privacy-Focused Apps | Dirk Holtwick

Description

Professional software developer creating secure, privacy-focused web, mobile & desktop applications. Based in Germany, serving worldwide.

Language

Generator

Proprietary tool based on Vite SSG, see https://holtwick.de/blog/website-ssg

Canonical

https://holtwick.de/

Translations

Feeds

Dirk Holtwick (de) RSS

Open Graph

url: https://holtwick.de/
title: Software Development & Privacy-Focused Apps | Dirk Holtwick
locale: en
site name: Dirk Holtwick
description: Professional software developer creating secure, privacy-focused web, mobile & desktop applications. Based in Germany, serving worldwide.

Social

Registration

Updated

2026-04-14

Name servers

ns1.cyon.ch.
ns2.cyon.ch.

DNS records live

NS

ns1.cyon.ch
ns2.cyon.ch

MX

0 holtwick.de

Verified for

Google

Email authentication partial

SPF

v=spf1 include:spf.protection.cyon.net -all

strict (-all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA74TFZ+1s9/SHdfXi9C+JtIF2nj97VZiAz6SlYiah627QtRgD9CXuIq3cPFAUJPYXu4H2XakA8yDYPa…

selectors probed

Certificate (current)

R13

from 2026-05-19 to 2026-08-17

Expires in 89 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://holtwick.de/

present

strict-transport-security
content-security-policy
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection

Header values

referrer-policy: same-origin
permissions-policy: accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=(self), cross-origin-isolated=*, display-capture=(self), document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=(self), midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.holtwick.de *.pdfify.app *.receipts-app.com *.apperdeck.com *.youtube.com *.ytimg.com *.replies.io *.paddle.com *.paddlecdn.com *.paddlepay.com *.profitwell.com *.cloudflare.com cdnjs.cloudflare.com *.sentry.io *.sentry-cdn.com *.cloudfront.net *.report-uri.com *.stripe.com *.stripe.network fonts.googleapis.com fonts.gstatic.com *.localizecdn.com *.spreedly.com;
strict-transport-security: max-age=31536000; includeSubDomains; preload

Links to (5)

Linked from (2)

receipts-app.com×2
iosdevdirectory.com×2