itacaondemand.it
itacaondemand.it
HTML metadata
Technology
- CDN
- Cloudflare
- Server
- Caddy
- jQuery
- 4.0.0
- Stack
- PHP
- Analytics
-
- Cloudflare Insights
Third-party hosts loaded (3)
- storage.teyuto.tv×14
- cdn.jsdelivr.net×4
- static.cloudflareinsights.com×1
DNS records live
- NS
-
- dns.technorail.com
- dns2.technorail.com
- dns3.arubadns.net
- dns4.arubadns.cz
- MX
-
- 10 mx.itacaondemand.it
- Verified for
-
- Brevo
Email authentication partial
- SPF
-
v=spf1 include:spf.mandrillapp.com ?allneutral (?all) - DMARC
-
v=DMARC1; p=none; adkim=r; aspf=r;policy: none (monitoring only) - DKIM
-
- mail:
k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…
selectors probed - mail:
Certificate (current)
E8
Expires in 76 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- permissions-policy
camera=*, microphone=*, geolocation=*, payment=*, fullscreen=*- x-content-type-options
nosniff- content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src-elem * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline' data: blob:; style-src-elem * 'unsafe-inline' data:; img-src * data: blob: filesystem:; font-src * data: blob:; connect-src * data: blob:; frame-src *; child-src * blob: data:; worker-src * blob: data:; media-src * data: blob: filesystem:; object-src *; base-uri *; form-action *; frame-ancestors 'self';- strict-transport-security
max-age=31536000; includeSubDomains