lotto-niedersachsen.de

HTML metadata

Title: LOTTO Niedersachsen - Online spielen beim Original
Description: LOTTO 6aus49, Eurojackpot, Rubbellose, GlücksSpirale, KENO und BINGO! und TOTO Ergebniswette oder TOTO Auswahlwette online beim Original spielen.
Language: de

Technology

CDN: Cloudflare
CMS: Nuxt

Third-party hosts loaded (1)

images.ctfassets.net×10

Social

Registration

Updated

2026-02-17

Name servers

emma.ns.cloudflare.com.
frank.ns.cloudflare.com.

DNS records live

NS

emma.ns.cloudflare.com
frank.ns.cloudflare.com

MX

10 mx01.lotto-niedersachsen.de
100 mx00.lotto-niedersachsen.de

TXT

_telesec-domain-validation=B403922DD410F8822C38535273D5F0949C6683A355C6839E95E55DE5C14BF6D1
mindmanager-verification=ea50b99c90699491f9931749ffb1f7788952c5d67edaa8be10e0324f1dfe13cc
ExMUfBrq=7f78eca603f78fc7ceb55f2ea7494f3d

Verified for

Anthropic
GlobalSign

Email authentication strong

SPF

v=spf1 mx include:_spf.tln-hannover.de -all

strict (-all)

DMARC

v=DMARC1; p=reject;  adkim=r; aspf=s; sp=none; pct=100; rua=mailto:dmarc-reporting@lotto-niedersachsen.de, mailto:re+wgvikod36vt@dmarc.postmarkapp.com

policy: reject (enforced) · sp=none

DKIM

default: v=DKIM1; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SbQDAMlIXqnunzVCt843I4b5XjGZiP+bCA6QtR0C776LxkfuglSjuS6LSsjSGM6x4n0WRdTzVgIBpH7…

selectors probed

Certificate (current)

GlobalSign RSA OV SSL CA 2018

from 2025-06-19 to 2026-07-21

Expires in 61 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://www.lotto-niedersachsen.de/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-resource-policy

findings

CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin, no-referrer-when-downgrade
x-frame-options: SAMEORIGIN
permissions-policy: encrypted-media=(self "https://www.youtube-nocookie.com"), picture-in-picture=(self "https://www.youtube-nocookie.com"), fullscreen=(self "https://www.youtube-nocookie.com"), geolocation=(self "https://ast.lotto-niedersachsen.de" "https://ast.morf-stage.lotto-niedersachsen.de"), web-share=(self), accelerometer=(), autoplay=(), gyroscope=(), camera=(), microphone=(), display-capture=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), usb=(), xr-spatial-tracking=(), idle-detection=(), hid=(), serial=(), bluetooth=(), browsing-topics=(), local-fonts=(), identity-credentials-get=(), attribution-reporting=(), compute-pressure=(), cross-origin-isolated=(), gamepad=(), otp-credentials=(), publickey-credentials-create=(), publickey-credentials-get=(), storage-access=(), window-management=()
x-content-type-options: nosniff
content-security-policy: base-uri 'self'; manifest-src 'self'; form-action 'self' https:; default-src 'none'; child-src 'self' blob:; connect-src 'self' https://*.friendlycaptcha.eu https://*.lotto-niedersachsen.de https://*.contentful.com https://*.adyen.com https://*.containers.piwik.pro https://*.piwik.pro https://*.facebook.com *.googletagmanager.com https://*.google.com https://*.google.de *.googlesyndication.com *.googleadservices.com https://*.doubleclick.net https://*.bing.com https://*.bing.net https://*.ctfassets.net https://sentry-relay *.yimg.com wss://*.speech.microsoft.com https://*.eye-able.com https://*.eye-able-cdn.com; font-src 'self' https://*.lotto-niedersachsen.de https://*.gstatic.com https://*.eye-able.com https://*.eye-able-cdn.com; frame-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.lotto-ast.k8s.atmina.systems https://ast.morf-stage.lotto-niedersachsen.de https://ast.lotto-niedersachsen.de https://*.adyen.com *.googletagmanager.com https://*.doubleclick.net
strict-transport-security: max-age=16070400; includeSubDomains
cross-origin-resource-policy: same-origin