indexo.dev

lotto-sh.de

.de crawl

First seen 2026-04-20 · Last seen 2026-05-16 · ok HTTP/1.1 200 1252 ms crawled 2026-05-14

DE · 62.159.142.138 · AS3320 Deutsche Telekom AG

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
LOTTO Schleswig-Holstein: Online LOTTO spielen!
Description
Bei LOTTO Schleswig-Holstein können Sie schnell und einfach LOTTO online spielen! Hier haben Sie die Chance auf Millionen-Jackpots! Viel Glück!
Language
de
Canonical
https://www.lotto-sh.de/

Open Graph

url
https://www.lotto-sh.de/

Technology

CMS
Gatsby
Cookie consent
  • Usercentrics

Third-party hosts loaded (5)

  • app.usercentrics.eu×1
  • cdn.jsdelivr.net×1
  • code.etracker.com×1
  • widget.moin.ai×1
  • www.facebook.com×1

Social

Contact

Phone

Registration

Updated
2022-11-04
Name servers
  • ns1.telekom-domains.de.
  • ns2.telekom-domains.de.

DNS records live

NS
  • ns1.telekom-domains.de
  • ns2.telekom-domains.de
MX
  • 10 mail.lotto-sh.de
TXT
Show 4 TXT records
  • _tfmz1sstbwfd28ixwkwudwdwot4w09k
  • 3c1774aa4826d5debcbd73387f1fc47c54f79eebb2c62fd81c9bf5c2cf96c8e
  • _okp4tmjzxfqx3khhdap2jh4f62ui5mn
  • 4110b3f7979ff91abd18a82cee483d938d97ca67ca2b94fcc762feea96fee77
Verified for
  • Microsoft 365

Email authentication weak

SPF
v=spf1 mx include:spf.protection.outlook.com include:amazonses.com include:_spf.strato.com include:agenturserver.de include:marketing.dynamics.com ~all
softfail (~all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

Thawte TLS RSA CA G1
from 2025-10-13 to 2026-11-08
Expires in 171 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.lotto-sh.de/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=*,autoplay=*,camera=*,clipboard-read=*,clipboard-write=*,cross-origin-isolated=*,display-capture=*,document-domain=*,encrypted-media=*,fullscreen=*,geolocation=*,gyroscope=*,hid=*,idle-detection=*,keyboard-map=*,magnetometer=*,microphone=*,midi=*,payment=*,picture-in-picture=*,publickey-credentials-get=*,screen-wake-lock=*,serial=*,speaker-selection=*,sync-xhr=*,usb=*,web-share=*,xr-spatial-tracking=*
x-content-type-options
nosniff
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://cdn.jsdelivr.net/npm/; connect-src *; img-src * data: blob:; frame-src *; style-src * 'unsafe-inline'; worker-src * blob:; child-src blob:;
strict-transport-security
max-age=63072000; includeSubDomains

Links to (9)

Linked from (3)