lemocin.at
lemocin.at
HTML metadata
Technology
- jQuery
- 2.1.1 known XSS (<3.5)
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (3)
- ajax.aspnetcdn.com×4
- js.kctag.net×1
- www.googletagmanager.com×1
Contact
- Phone
DNS records live
- NS
-
- ns1.markmonitor.com
- ns2.markmonitor.com
- ns3.markmonitor.com
- ns4.markmonitor.com
- ns5.markmonitor.com
- ns6.markmonitor.com
- ns7.markmonitor.com
- Verified for
-
Email authentication no MX
- SPF
- not published
- DMARC
-
v=DMARC1; p=reject; pct=100; fo=1; ri=3600; rua=mailto:9b1c90e3@inbox.ondmarc.com; ruf=mailto:9b1c90e3@inbox.ondmarc.com;policy: reject (enforced) - DKIM
- no key found at common selectors
Certificate (current)
R13
Expires in 50 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
strict-origin- x-frame-options
sameorigin- x-content-type-options
nosniff- content-security-policy
default-src 'self'; connect-src *; font-src 'self' use.typekit.net; frame-src 'self' *.usercentrics.eu *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.pinterest.com ; img-src 'self' *.juicer.io dashboard.umbraco.org *.usercentrics.eu maps.gstatic.com maps.googleapis.com *.google-analytics.com *.facebook.com *.google.co.uk *.google.com *.kairion.de *.pinterest.com data:; media-src *; object-src *; script-src 'self' ajax.aspnetcdn.com *.usercentrics.eu maps.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.youtube.com connect.facebook.net *.kctag.net assets.pinterest.com *.tiktok.com *.pinimg.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; manifest-src 'self';- strict-transport-security
max-age=31536000; preload
Links to (1)
- stada.at×1
Linked from (1)
- stada.at×1