layher.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-16 · ok HTTP/1.1 200 2352 ms crawled 2026-05-07

DE · 80.149.159.71 · AS3320 Deutsche Telekom AG

Reputation 94/100 dmarc monitor-only

sector other type homepage

HTML metadata

Title

Layher

Language

de-de

Canonical

https://www.layher.com/de-de

Translations

en-de

Technology

Server: Microsoft-IIS
CMS: Next.js

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

Registration

Registrar

1API GmbH

Created

1996-12-13

Expires

2026-12-12 207 days left

Updated

2025-12-13

Name servers

ns2.xc-ns.de
ns5.xc-ns.de

DNS records live

NS

ns2.xc-ns.de
ns5.xc-ns.de

MX

100 de-smtp-inbound-1.mimecast.com
200 de-smtp-inbound-2.mimecast.com

TXT

Show 20 TXT records

0ed1fe018aae99f1c7de5f4708ad29b7b5c64274ec
x9d1l46h97641bcxccpdky70hf3wvhfm
globalsign-domain-verification=wMfw-guUEo2lVQ0iKwmQjBGZ879XvDm7tdAFHVmeLo
vhvpj1xwhmz85p6bw7zjsvnzwv3w8lts
_qtarf94897wnv62hj46nyw4npjhqfog
4c8lgnlc2n8yfb7t6f0txz6w1t92cvdc
5nz2clh942tfd6x09gdhw678l9gbcwzd
6810xrfkq4mthk6y6wtcl3cbbm521zh0
tky27qjqyvjy3myccq0pz191ctx7k3d5
202109160234120d5h592d29zq9ojcj0st67hytntsx6isi0rar35zreanoyj28v
_zp5qtffo2qlk7pgm17s7fsgcxi0jn84
apple-domain-verification=xQPkG92eudqgHOIS
_dcv8so2lxlux1jw2fgpya6ophkjyvfc
vfqcc7b0yl0qy86zz03znjvc1h2pw9b1
7zv4tjckc8dcrm7fjfhkhnxb23n31gh3
_k7o4o96n6zrckza6pup26qka7aunugm
vjqmcg582lh7j1jx0d51wjyr5tckvrbz
globalsign-domain-verification=Bp4xdw3GVZ0SlRgXX225GvFKI3yyd4HZEkH961DYvP
swisssign-check=RvPK_YwtDyKsZb9sSawipxs63cQ
_a7xqo6h880oa425qp8u9eblbsnicinl

Email authentication strong

SPF: v=spf1 a mx ip4:217.5.133.92 include:de._netblocks.mimecast.com include:spf.mailjet.com include:_spf.senders.dc.aeb.com include:spf.hornetsecurity.com ~all
softfail (~all)
DMARC: v=DMARC1; p=none
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

GlobalSign RSA OV SSL CA 2018

from 2025-07-29 to 2026-08-30

Expires in 103 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.layher.com/de-de

present

strict-transport-security
content-security-policy
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing Permissions Policy

Header values

referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' *.layher.de https://unpkg.com *.usercentrics.eu www.youtube.com www.youtube-nocookie.com scnem3.com scnem.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com blob:; frame-src 'self' *.layher.de *.usercentrics.eu www.youtube.com www.youtube-nocookie.com scnem3.com scnem.com www.ausschreiben.de ausschreiben.de *.googletagmanager.com *.google.com; child-src 'self' *.layher.com *.layher.de; style-src 'self' 'unsafe-inline' *.sitecorecloud.io *.layher.de fast.fonts.net scnem3.com scnem.com *.googleapis.com; font-src 'self' data: *.layher.de scnem3.com scnem.com fonts.gstatic.com; img-src 'self' data: *.sitecorecloud.io *.sitecorecontenthub.cloud *.layher.com *.layher.de *.usercentrics.eu www.youtube.com i.ytimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com; connect-src 'self' api-engage-eu.
strict-transport-security: max-age=63072000; includeSubDomains; preload