kantofit-schwerin.de
HTML metadata
Technology
- Server
- Apache
- CMS
- WordPress
Social
Contact
- Phone
- Address
- st gut zu erreichen, Parkplätze sind ausreichend vorhanden. Auf über 1000
Registration
- Updated
- 2024-02-02
- Name servers
-
- ns1.ferris.pro.
- ns2.ferris.pro.
- ns3.ferris.pro.
- ns4.ferris.pro.
DNS records live
- NS
-
- ns1.ferris.pro
- ns2.ferris.pro
- ns3.ferris.pro
- ns4.ferris.pro
- MX
-
- 10 mail.kantofit-schwerin.de
- TXT
-
google-site-verification=L8HW9b7ZAh5pvSwP09TE2KMYcfI_S81BMk3acoiCVIw
Email authentication weak
- SPF
-
v=spf1 mx a include:spf.ledl.net ~allsoftfail (~all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
E7
Expires in 53 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- content-security-policy-report-only
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-embedder-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
sameorigin- permissions-policy
accelerometer=(self), autoplay=(self), camera=(self), cross-origin-isolated=(), display-capture=(self), document-domain=*, encrypted-media=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), payment=(self), picture-in-picture=*, publickey-credentials-get=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self "https://www.kantofit-schwerin.de"), usb=(self), xr-spatial-tracking=(self)- x-content-type-options
nosniff- content-security-policy
base-uri 'self'; child-src 'self' blob: https:; connect-src 'self' *.cloudflare.com *.googleapis.com *.ipify.org wss:; default-src 'self' https: data: *.kantofit-schwerin.de; font-src 'self' fonts.gstatic.com data: https:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' avada.com *.youtube.com *.youtube-nocookie.com player.vimeo.com; media-src 'self' https: data: *.kantofit-schwerin.de; object-src 'none'; img-src 'self' blob: data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com/jsapi *.gstatic.com *.kantofit-schwerin.de connect.facebook.net player.vimeo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com;- strict-transport-security
max-age=31536000; includeSubDomains- cross-origin-opener-policy
unsafe-none- cross-origin-embedder-policy
unsafe-none- cross-origin-resource-policy
cross-origin- content-security-policy-report-only
base-uri 'self'; child-src 'self' blob: https:; connect-src 'self' *.cloudflare.com *.googleapis.com *.ipify.org wss:; default-src 'self' https: data: *.kantofit-schwerin.de; font-src 'self' fonts.gstatic.com data: https:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' avada.com *.youtube.com *.youtube-nocookie.com player.vimeo.com; img-src 'self' blob: data: https:; media-src 'self' https: data: *.kantofit-schwerin.de; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com/jsapi *.gstatic.com *.kantofit-schwerin.de connect.facebook.net player.vimeo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; report-uri /static/csp-report-tool.php?csp=1&log=3&ver=1.0.2; report-to csp-report;