indexo.dev

loprais.cz

.cz crawl

First seen 2026-05-31 · Last seen 2026-06-01 · ok HTTP/1.1 200 1191 ms crawled 2026-05-31

CZ · 81.91.85.150 · AS39790 Web4U s.r.o.

Reputation 64/100 wrong cert weak security headers dmarc monitor-only

Classifying

HTML metadata

Title
Loprais
Language
cs

Open Graph

url
/

Technology

Server
nginx
PHP
7.1.33 end of life
jQuery
3.3.1 known XSS (<3.5)
Stack
PHP
Fonts
  • Adobe Fonts

Third-party hosts loaded (2)

  • use.typekit.net×1
  • www.google.com×1

Social

DNS records live

NS
  • ns1.regzone.cz
  • ns1.regzone.de
  • ns1.regzone.info
MX
  • 1 host2.itglobe.eu

Email authentication partial

SPF
v=spf1 +a +mx +a:host2.itglobe.eu include:servers.mcsv.net include:spf.smartemailing.cz -all
strict (-all)
DMARC
v=DMARC1; p=none; rua=mailto:rua-143019fe07674649@dmarc-reports.leadhub.co; ruf=mailto:ruf-143019fe07674649@dmarc-reports.leadhub.co;
policy: none (monitoring only)
DKIM
  • default: v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17DVkuGM7NVou5WhSdRskAG7+qoLcV15lL96uW0vmzDlWbaxBX1ASU2oq6MgejO1panoOt/FH3CHJGrOEmaSo…
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
selectors probed

Certificate (current) wrong cert

prvni-pozice.com
from 2017-09-01 to 2018-09-01
Expired 2831 days ago

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.loprais.cz/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
child-src *;connect-src 'self' https://www.google-analytics.com https://*.googleapis.com/ https://www.facebook.com https://stats.g.doubleclick.net https://*.google.com https://*.google.cz https://*.google.sk https://*.smartlook.com;default-src 'self';font-src 'self' data: https://themes.googleusercontent.com https://*.gstatic.com https://*.typekit.net;form-action 'self' * https://www.facebook.com https://connect.facebook.net;frame-ancestors 'self';frame-src *;img-src data: *;media-src 'self';object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.facebook.net https://*.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googleadservices.com https://www.google.cz https://www.google.sk https://www.youtube.com https://*.ytimg.com https://*.smartlook.com;style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*

Links to (6)

Linked from (2)