jako.com

HTML metadata

Title: Der offizielle JAKO Shop für Sportbekleidung | jako.com
Description: JAKO Onlineshop ✓ Sportbekleidung in Top Qualität ✓ Günstige Preise ✓ Freizeitkleidung für Herren, Damen und Kinder. ► Jetzt online bestellen!
Language: de
Canonical: https://www.jako.com/

Open Graph

url: https://www.jako.com/de-de/
title: Der offizielle JAKO Shop für Sportbekleidung | jako.com
description: JAKO Onlineshop ✓ Sportbekleidung in Top Qualität ✓ Günstige Preise ✓ Freizeitkleidung für Herren, Damen und Kinder. ► Jetzt online bestellen!

Technology

Server: Apache

Analytics

Google Analytics
Google Tag Manager

Fonts

Adobe Fonts

Third-party hosts loaded (7)

use.typekit.net×7
cdn.jako.de×3
cdn.hello-charles.com×1
googletagmanager.com×1
www.google-analytics.com×1
www.google.com×1
www.googletagmanager.com×1

Social

Registration

Registrar

united-domains GmbH

Created

1997-12-04

Expires

2026-12-03 197 days left

Updated

2026-03-23

Name servers

ns.udag.de
ns.udag.net
ns.udag.org

DNS records live

NS

ns.udag.de
ns.udag.net
ns.udag.org

MX

0 jako-com.mail.protection.outlook.com

TXT

Show 5 TXT records

google-site-verification=yqCo0CU_vEbwhkBbsb6QYTL6HFnb1b_kS0ItIp7GYnI
openai-domain-verification=dv-BJTr3lQJoP4TSgw3b9vahgwX
MS=ms49958160
010463e7690ef65a3c1d112f97c1e
google-site-verification=tMNMGH-xU8ABZoAlSD0d83TW-RbQsljnleggEnn5abk

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com include:spf.dc-cluster.de include:spf.server-he.de include:_spf.salesforce.com ip4:188.244.102.186 ip4:159.195.50.211 include:123456.spf03.hubspotemail.net -all

strict (-all)

DMARC

v=DMARC1; p=none; rua= mailto:postmaster@jako.com;

policy: none (monitoring only)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2s21RxPV69zc6j0WQxsyufYQlTTxQ2Gdhd8qP5qvuWoGy6tsrbU3r+TZJdbTJa9C0FhuyHPqPWjzR…
selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDkT9C2md9pishw1vzWizaJHOyJD26o9uchKRZjN/uL6FJG66Lqu5NdbwL3eE4DwiBUs90t/z6cF/T…

selectors probed

Certificate (current)

Thawte TLS RSA CA G1

from 2026-04-08 to 2026-10-24

Expires in 157 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.jako.com/de-de/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: no-referrer-when-downgrade
x-frame-options: sameorigin
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://b2b.jako.com b2b.jako.com ws://127.0.0.1:35729 *.juicer.io *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://b2b.jako.com b2b.jako.com 'self' 'unsafe-eval' 'unsafe-inline' *.hotjar.com *.convertexperiments.com *.juicer.io *.cloudfront.net *.userlike.com *.ssl-images-amazon.com *.amazon.com *.amazon.de *.payments-amazon.com *.googleapis.com googlemaps.github.io *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google
strict-transport-security: max-age=63072000; includeSubDomains; preload