indexo.dev

kst-vechta.de

.de crawl

First seen 2026-06-04 · Last seen 2026-06-04 · ok HTTP/1.1 200 269 ms crawled 2026-06-04

DE · 80.153.167.66 · AS3320 Deutsche Telekom AG

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Schulserver

Technology

CMS
Gatsby

Registration

Updated
2025-01-03
Name servers
  • john.ns.cloudflare.com.
  • liz.ns.cloudflare.com.

DNS records live

NS
  • john.ns.cloudflare.com
  • liz.ns.cloudflare.com
MX
  • 1 mail.kst-vechta.de
Verified for
  • Apple
  • Google

Email authentication weak

SPF
v=spf1 +a +mx include:ewetel.net ~all
softfail (~all)
DMARC
not published
DKIM
  • mail: v=DKIM1; h=sha256; k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybefFRJcJzWn3CyqjF63iN3O4nId5ON8CBUzaTYqcDdJbxaq5ujPp8fTau4IvKOaW6M3L…
selectors probed

Certificate (current)

E8
from 2026-04-22 to 2026-07-21
Expires in 46 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://kst-vechta.de/login

present
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
no-referrer
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'unsafe-eval';worker-src blob: data:;style-src 'self' 'unsafe-inline';font-src 'self';img-src * data:;connect-src 'self' https://backend.kst-vechta.de https://webdav.kst-vechta.de wss://kst-vechta.de:*;default-src 'self';base-uri 'self';block-all-mixed-content;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests

Linked from (1)