lestraversees.ch
HTML metadata
Technology
- Server
- nginx
- jQuery
- 1.11.3 known XSS (<3.5)
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
Third-party hosts loaded (3)
- fonts.googleapis.com×3
- www.googletagmanager.com×1
- www.hemmer.ch×1
Contact
- Phone
- Address
- Rue du Criblet 4, 1700, Fribourg, FR, Suisse
DNS records live
- NS
-
- dns1.purpluehemmer.ch
- dns2.purplehemmer.ch
- MX
-
- 0 lestraversees-ch.mail.protection.outlook.com
- Verified for
-
- Microsoft 365
Email authentication strong
- SPF
-
v=spf1 include:spf.protection.outlook.com ip4:213.3.22.86 -allstrict (-all) - DMARC
-
v=DMARC1; p=quarantine; adkim=s; aspf=spolicy: quarantine - DKIM
- no key found at common selectors
Certificate (current)
R13
Expires in 63 days
HTTP security headers
- present
-
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- missing HSTS
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
DENY- x-content-type-options
nosniff- content-security-policy
default-src 'self' *.g.doubleclick.net *.google-analytics.com *.gstatic.com; script-src 'self' 'nonce-2kJl6zmBUQhBhUy3qRfJMsO16jK8SXzx3bMxCUJAqkgh5xeUfok49w' 'unsafe-inline' *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.google.com *.theodia.org; style-src 'self' *.g.doubleclick.net *.google-analytics.com *.gstatic.com 'unsafe-inline' data: *.googleapis.com *.theodia.org 'report-sample'; report-uri https://www.lestraversees.ch/@http-reporting?csp=report&requestTime=1780185868866531&requestHash=477a800872388137c9e5acb51b381a0ffdd53219