lhs.com.pl
lhs.com.pl
HTML metadata
Technology
- Server
- nginx
- Analytics
-
- Google Tag Manager
- Social widgets
-
- YouTube Embed
Third-party hosts loaded (3)
- www.googletagmanager.com×1
- www.youtube-nocookie.com×1
- www.youtube.com×1
Social
Contact
DNS records live
- NS
-
- ns1.tld.pl
- ns2.tld.pl
- MX
-
- 10 lhs.com.pl
- TXT
-
888dd362cf8441b6599b17bea2271483b270a2bec8ce68d3f6a4d05784a32ec6
Email authentication strong
- SPF
-
v=spf1 a mx ip4:213.199.196.141 include:spf.tld.pl -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; rua=mailto:dmarc@pkp-lhs.pl; ruf=mailto:dmarc@pkp-lhs.pl; adkim=s; aspf=s;policy: reject (enforced) - DKIM
- no key found at common selectors
Certificate (current)
Certum Domain Validation CA SHA2
Expires in 4 days
HTTP security headers
- present
-
- content-security-policy
- x-frame-options
- findings
-
- missing HSTS
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing content type protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- content-security-policy
connect-src 'self' *.google-analytics.com;default-src 'self';frame-ancestors 'self' ;frame-src 'self' *.youtube-nocookie.com *.youtube.com;media-src 'self' 'unsafe-inline' *.youtube.com;font-src 'self' 'unsafe-inline' *.youtube.com;img-src 'self' 'unsafe-inline' data: *.google-analytics.com *.googletagmanager.com;object-src 'none'; report-uri https://lhs.com.pl/violationReportForCSP.php;script-src 'self' 'unsafe-inline' lhs.com.pl *.youtube.com *.googletagmanager.com *.google-analytics.com;style-src 'self' 'unsafe-inline';
Links to (7)
- facebook.com×1
- instagram.com×1
- middlecorridor.com×1
- netpartners.pl×1
- pkp.pl×1
- x.com×1
- youtube.com×1