hornbach-holding.de

.de crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 600 ms crawled 2026-05-18

US · 99.83.192.96 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Language: %lang%

Technology

Cookie consent

Usercentrics

Third-party hosts loaded (3)

app.usercentrics.eu×1
ir-api.eqs.com×1
privacy-proxy.usercentrics.eu×1

Registration

Updated

2016-08-03

Name servers

ns1.eurodns.com.
ns2.eurodns.com.
ns3.eurodns.com.
ns4.eurodns.com.

DNS records live

NS

ns1.eurodns.com
ns2.eurodns.com
ns3.eurodns.com
ns4.eurodns.com

MX

20 mx-in01.eu.retarus.com
20 mx-in02.eu.retarus.com

TXT

QM04Z2iiTZPmzlf8cr6Q/ZnvPv3DEZfY8YpjtmxGWnA=

Verified for

GlobalSign
Microsoft 365

Email authentication strong

SPF: v=spf1 mx include:_spf.retarus.com include:_spf.pool2.transactional-mail-a.com include:_spfhst.hornbach.com include:_spfcds.hornbach.com -all
strict (-all)
DMARC: v=DMARC1; p=reject; rua=mailto:dmarc_rua@hornbach-holding.de; ruf=mailto:dmarc_ruf@hornbach-holding.de; fo=1:d:s
policy: reject (enforced)
DKIM: no key found at common selectors

Certificate (current)

Amazon RSA 2048 M02

from 2025-07-16 to 2026-08-15

Expires in 86 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://hornbach-holding.de/

present

strict-transport-security
content-security-policy
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
missing frame protection

Header values

referrer-policy: no-referrer-when-downgrade
permissions-policy: geolocation=(), microphone=(), camera=()
x-content-type-options: nosniff
content-security-policy: script-src 'self' https://ir-api.eqs.com https://app.usercentrics.eu https://privacy-proxy.usercentrics.eu https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/gtag/ 'unsafe-inline' 'unsafe-eval'
strict-transport-security: max-age=63072000; includeSubDomains; preload