kompass.de
HTML metadata
Technology
- CDN
- Cloudflare
- CMS
- WordPress
- Analytics
-
- Google Tag Manager
- Plausible
- Cookie consent
-
- Cookiebot
Third-party hosts loaded (6)
- www.googletagmanager.com×2
- cdn.stroeerdigitalgroup.de×1
- consent.cookiebot.com×1
- plausible.io×1
- tag.md-nx.com×1
- unpkg.com×1
Social
Registration
- Updated
- 2021-01-13
- Name servers
-
- helium.ns.hetzner.de.
- hydrogen.ns.hetzner.com.
- oxygen.ns.hetzner.com.
DNS records live
- NS
-
- helium.ns.hetzner.de
- hydrogen.ns.hetzner.com
- oxygen.ns.hetzner.com
- MX
-
- 10 mx01.mep.pandasecurity.com
- 10 mx02.mep.pandasecurity.com
- TXT
-
Show 4 TXT records
MS=ms83722509ca3-24561e250a4c4016983556bb0fe4b845google-site-verification=Q5q1KC8BvbZHtSrx4NBWcbS6n0IqInUSb43-mdUsmSEgoogle-site-verification=eQcbdi94nGfAeOJP1PMUnWOo9a6orkXv_zHJ2521UGo
Email authentication weak
- SPF
-
v=spf1 include:spf.mailjet.com include:spf.mep.pandasecurity.com -allstrict (-all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
WE1
Expires in 64 days
HTTP security headers
- present
-
- content-security-policy
- x-content-type-options
- permissions-policy
- findings
-
- missing HSTS
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing Referrer Policy
Header values
- permissions-policy
web-share=*- x-content-type-options
nosniff- content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:* https://*.kompass.de:* https://*; frame-src 'self' https://* https://js.stripe.com https://app.mailjet.com https://xhiu7.mjt.lu; connect-src 'self' https://*.kompass.de:* http://localhost:* wss://*.kompass.de:* https://* https://api.stripe.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://ade.googlesyndication.com https://* data: blob:; font-src 'self' https://*.kompass.de data:; worker-src 'self' blob:; frame-ancestors * data: blob: ;