jyvasauto.fi
jyvasauto.fi
HTML metadata
Technology
- Server
- Apache
- CMS
- WordPress
- jQuery
- 3.7.1
Third-party hosts loaded (4)
- www.facebook.com×3
- hcaptcha.com×1
- js.hcaptcha.com×1
- newassets.hcaptcha.com×1
Contact
- Phone
DNS records live
- NS
-
- ns-15-b.gandi.net
- ns-184-c.gandi.net
- ns-53-a.gandi.net
- MX
-
- 10 spool.mail.gandi.net
- 50 fb.mail.gandi.net
Email authentication partial
- SPF
-
v=spf1 a mx include:_mailcust.gandi.net include:sendgrid.net ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=none; rua=mailto:dmarc@seravo.fipolicy: none (monitoring only) - DKIM
-
- s1:
k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5nsN+5OhDVIiLPd0N7eNjADcZFvccnols/V+T3rK56cOV4EaskCXTIZTNwRFix5EZlzKxhPAjQartvBFU… - s2:
k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfiTxKU48I+GmMMoOej0h5cQZnqyJepyoFu4WRB8ICX4J2P7UupMTnoTBAN0EzuRV1I/VMrGpc7rBjNjThedrDxj…
selectors probed - s1:
Certificate (current)
R13
Expires in 39 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
same-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' gstatic.com *.gstatic.com google.com *.google.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com *.facebook.net hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.bootstrapcdn.com *.muutu.fi *.fontawesome.com; object-src 'none'; font-src 'self' fonts.gstatic.com *.fontawesome.com *.bootstrapcdn.com; base-uri 'self'; frame-ancestors 'self'; default-src https: data:- strict-transport-security
max-age=31536000; includeSubDomains