kinobourbaki.ch

HTML metadata

Title: Programm | Kino Bourbaki Luzern
Description: Das aktuelle Kinoprogramm des Kinos Bourbaki in Luzern.
Language: de-ch
Canonical: https://www.kinobourbaki.ch/de-ch/programm.html

Open Graph

url: https://www.kinobourbaki.ch/de-ch/programm.html
title: Programm | Kino Bourbaki Luzern
site name: Kino Bourbaki Kino/Bar Luzern
description: Das aktuelle Kinoprogramm des Kinos Bourbaki in Luzern.

Technology

Server: nginx

Cookie consent

Cookiebot

Third-party hosts loaded (1)

consent.cookiebot.com×1

Social

Contact

Address: Löwenplatz 11, 6004, Luzern, CH

DNS records live

NS

ns11.infomaniak.ch
ns12.infomaniak.ch

MX

0 kinobourbaki-ch.mail.protection.outlook.com

Verified for

Microsoft 365

Email authentication strong

SPF

v=spf1 a mx a:office.neugasskino.com a:mail.commercio.ch include:spf.crsend.com include:spf.protection.outlook.com include:_spf.sui-inter.net -all

strict (-all)

DMARC

v=DMARC1; p=quarantine

policy: quarantine

DKIM

default: v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6DbJypfsPheqGPGZ4eMYXmhCfB70BkvtUF4QVCmIDvVcUPMpr2Ow3JZsKKBfWjB8u89SOvK61pILmTehBj7KT…

selectors probed

Certificate (current)

R13

from 2026-05-28 to 2026-08-26

Expires in 86 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.kinobourbaki.ch/de-ch/programm.html

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-frame-options
x-content-type-options

findings

CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: base-uri 'self'; connect-src 'self' https://*.cookiebot.com https://*.friendlyanalytics.ch/matomo.php https://*.friendlyanalytics.io/matomo.php https://*.gstatic.com https://*.irdeto.com/ https://*.redbee.live/ https://analytics.friendly.is/matomo.php https://eu01.rec.mouseflow.com https://redbee.live https://translate.google.com; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self' https://checkout.postfinance.ch/; frame-ancestors 'self'; frame-src 'self' blob: data: https://*.vimeo.com/ https://*.youtube.com/ https://consentcdn.cookiebot.com/ https://youtube.com/; img-src 'self' data: https://*.cookiebot.com https://*.friendlyanalytics.ch https://*.friendlyanalytics.io https://*.gstatic.com https://*.irdeto.com/ https://*.redbee.live/ https://analytics.friendly.is https://i.vimeocdn.com https://i.ytimg.com https://redbee.live https://translate.google.com; manifest-src 'self'; media-src 'self' blob: data: https://*.redbee.live https://*.vimeo.com https://*.youtube
strict-transport-security: max-age=15768000; includeSubDomains
content-security-policy-report-only: base-uri 'self'; connect-src 'self' https://*.cookiebot.com https://*.friendlyanalytics.ch/matomo.php https://*.friendlyanalytics.io/matomo.php https://*.gstatic.com https://*.irdeto.com/ https://*.redbee.live/ https://analytics.friendly.is/matomo.php https://eu01.rec.mouseflow.com https://redbee.live https://translate.google.com; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self' https://checkout.postfinance.ch/; frame-ancestors 'self'; frame-src 'self' blob: data: https://*.vimeo.com/ https://*.youtube.com/ https://consentcdn.cookiebot.com/ https://youtube.com/; img-src 'self' data: https://*.cookiebot.com https://*.friendlyanalytics.ch https://*.friendlyanalytics.io https://*.gstatic.com https://*.irdeto.com/ https://*.redbee.live/ https://analytics.friendly.is https://i.vimeocdn.com https://i.ytimg.com https://redbee.live https://translate.google.com; manifest-src 'self'; media-src 'self' blob: data: https://*.redbee.live https://*.vimeo.com https://*.youtube