indexo.dev

idw.de

.de crawl

First seen 2026-04-12 · Last seen 2026-05-19 · ok HTTP/1.1 200 4711 ms crawled 2026-05-05

DE · 208.82.72.47 · AS205411 WIIT AG

Reputation 100/100

Classifying

Registration

Updated
2026-04-16
Name servers
  • ns1.boreus.de.
  • ns2.boreus.de.
  • ns3.boreus.de.
  • ns4.boreus.de.

DNS records live

NS
  • ns1.boreus.de
  • ns2.boreus.de
  • ns3.boreus.de
  • ns4.boreus.de
MX
  • 10 idw-de.mail.protection.outlook.com
TXT
  • tmes=dff192b65b32e02a65294176514ed5b7
  • v=spf1 mx ip4:185.243.10.111 ip4:213.61.151.93 ip4:185.243.10.28 ip4:213.61.151.91 include:spf.protection.outlook.com include:spf-de.emailsignatures365.com include:_spf.zimpel.de a:mail.fp-sign.com include:_spf.sendnode.com include:spf.prod.universal-messenger.cloud ~all
Verified for
  • Microsoft 365

Certificate (current)

GeoTrust TLS RSA CA G1
from 2026-01-16 to 2027-01-16
Expires in 240 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://idw.de/index

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-embedder-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
no-referrer-when-downgrade
x-frame-options
DENY
permissions-policy
geolocation=(self), microphone=()
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: https://*.idw.de; frame-src 'self' https://www.google.com https://*.vimeo.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.idw.de https://www.google.com https://www.gstatic.com https://*.vimeo.com/; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.idw.de; img-src 'self' data: https://*.idw.de https://idw-dev-webforms.e-spirit.cloud https://idw-qa-webforms.e-spirit.cloud https://idw-prod-webforms.e-spirit.cloud https://*.vimeocdn.com/; font-src 'self' https://*.idw.de; frame-ancestors 'none'; connect-src 'self' https://*.idw.de https://matomo.idw.de https://idw-dev-webforms.e-spirit.cloud https://idw-qa-webforms.e-spirit.cloud https://idw-prod-webforms.e-spirit.cloud https://cdn.plyr.io/;
strict-transport-security
max-age=31536000 ; includeSubDomains
cross-origin-opener-policy
same-origin
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin

Linked from (4)