hornsverige.se
HTML metadata
Technology
- Server
- nginx
- Cookie consent
-
- Cookiebot
- Fonts
-
- Google Fonts
Third-party hosts loaded (3)
- consent.cookiebot.com×1
- fonts.googleapis.com×1
- intern-horn.swedencentral.cloudapp.azure.com×1
DNS records live
- NS
-
- ns1.simply.com
- ns2.simply.com
- ns3.simply.com
- MX
-
- 0 hornsverige-se.mail.protection.outlook.com
Email authentication strong
- SPF
-
v=spf1 include:spf.protection.outlook.com -allstrict (-all) - DMARC
-
v=DMARC1; p=quarantine; rua=mailto:dmarc@hornsverige.se; pct=100policy: quarantine - DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iurVPiO34keBnrRdhRaCX8LT7iLGXUOpJTLNyrkRAhdawvLDStz86+cQSJgsPMdGFSzX4bAjWBJhG…
selectors probed - selector1:
Certificate (current)
R12
Expires in 29 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- weak frame protection
- weak content type protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN, SAMEORIGIN- x-content-type-options
nosniff, nosniff- content-security-policy
script-src http: https: https://intern-horn.swedencentral.cloudapp.azure.com/; style-src 'self' blob: https: 'unsafe-inline' https://intern-horn.swedencentral.cloudapp.azure.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com- strict-transport-security
max-age=31536000