kibon.ch
kibon.ch
HTML metadata
Technology
- Server
- nginx
- Fonts
-
- Google Fonts
Third-party hosts loaded (1)
- fonts.googleapis.com×1
DNS records live
- NS
-
- dns1.dvbern.ch
- dns2.dvbern.ch
- MX
-
- 10 kibon-ch.mail.protection.outlook.com
- TXT
-
_jbk2pdnz9vrl5n3pgjvz1y3m5duivep
- Verified for
-
- Microsoft 365
Email authentication weak
- SPF
-
v=spf1 include:spf.dvbern.ch include:spf.protection.outlook.com include:spf.exclaimer.net a -allstrict (-all) - DMARC
- not published
- DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7LQ21esSNWRcpO7K4MMWfmfRKeTWnqC0jzMdIA2EYOSafL4Fe9LAsgEUnNGnGQeFpoO9pVXkQA4RA…
selectors probed - selector1:
Certificate (current)
RapidSSL TLS RSA CA G1
Expires in 258 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
strict-origin- x-frame-options
DENY- x-content-type-options
nosniff- content-security-policy
default-src 'self' sentry.dvbern.ch; script-src 'self' 'unsafe-eval' ajax.googleapis.com *.dvbern.ch 'sha256-X1VzBPPaM04WbtsxO1ns9Z1+NpLfcgsd9DF4TwyOwww='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob:; connect-src 'self' *.dvbern.ch *.be.ch *.bern.ch youtube.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' piwik.dvbern.ch *.ytimg.com *.googleapis.com data: blob:; object-src 'self' blob:; frame-src https://www.youtube.com/; report-uri https://sentry.dvbern.ch/api/11/security/?sentry_key=164ef148c4e811eeaa0a0242ac130217;- strict-transport-security
max-age=31536000; includeSubDomains