indexo.dev

kba.de

.de crawl

First seen 2026-04-15 · Last seen 2026-05-13 · ok HTTP/1.1 200 5917 ms crawled 2026-05-09

DE · 141.38.3.30 · AS41289 Deutscher Wetterdienst

Reputation 94/100 dmarc monitor-only

sector government type homepage

HTML metadata

Title
Kraftfahrt-Bundesamt - Startseite
Description
Homepage des deutschsprachigen Auftritts
Language
de
Generator
Government Site Builder
Canonical
https://www.kba.de/DE/Home/home_node.html

Technology

Server
Apache

Registration

Updated
2017-06-19
Name servers
  • dns-3.dfn.de.
  • dnsisp1.dwd.de.
  • dnsisp2.dwd.de.

DNS records live

NS
  • dns-3.dfn.de
  • dnsisp1.dwd.de
  • dnsisp2.dwd.de
MX
  • 10 ofcsgbbm.gbbmvi-wan.de
  • 20 zbcsgbbm.gbbmvi-wan.de
TXT
  • adobe-idp-site-verification=7faa256ab1b68b83246eb928bfdeae61d7148e32fedb550b279e875eddf012e0
  • apple-domain-verification=iGxjNs8ldmGJVIUe

Email authentication partial

SPF
v=spf1 mx ip4:141.38.3.247 ip4:141.38.3.248 ip4:141.38.12.84 ip4:141.38.12.85 ip4:141.38.3.230 ~all
softfail (~all)
DMARC
v=DMARC1; p=none; rua=mailto:reports@report.ofcsgbbm.gbbmdv.bund.de
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

Sectigo Public Server Authentication CA OV R36
from 2025-07-30 to 2026-07-31
Expires in 73 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.kba.de/DE/Home/home_node.html

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self' *.kba.de; base-uri 'self' *.kba.de; style-src 'self' 'unsafe-inline' *.kba.de *.atu.bundesbots.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kba.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com kabea.bundesbots.de; connect-src 'self' wss://kabea.bundesbots.de https://kabea.bundesbots.de; object-src 'self' *.kba.de multimedia.gsb.bund.de; media-src 'self' *.kba.de multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src *.kba.de *.google.com *.gstatic.com *.youtube.com *.vimeo.com https://app.powerbi.com; img-src 'self' data: blob: *.kba.de *.google.com *.gstatic.com *.youtube.com kabea.bundesbots.de; frame-ancestors 'self';
strict-transport-security
max-age=31536000

Links to (5)

Linked from (10)