indexo.dev

marcasolidale.it

.it crawl

First seen 2026-05-27 · Last seen 2026-05-30 · ok HTTP/1.1 200 457 ms crawled 2026-05-30

DE · 136.243.48.214 · AS24940 Hetzner Online GmbH

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Marca Solidale ETS
Language
it

Open Graph

ttl
2419200
title
Marca Solidale ETS
description
Marca Solidale ETS

Technology

Server
nginx
jQuery
3.7.0
Analytics
  • Google Tag Manager
Fonts
  • Font Awesome
  • Google Fonts
Third-party hosts loaded (7)
  • cdn.jsdelivr.net×5
  • cdnjs.cloudflare.com×5
  • code.jquery.com×1
  • fonts.googleapis.com×1
  • kit.fontawesome.com×1
  • use.fontawesome.com×1
  • www.googletagmanager.com×1

Contact

Email
Phone

DNS records live

NS
  • ns1.host-anycast.it
  • ns2.host-anycast.com
MX
  • 1 smtp.google.com
Verified for
  • Google

Email authentication weak

SPF
v=spf1 include:_spf.google.com mx a:smtp.movingminds.net ~all
softfail (~all)
DMARC
not published
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuR5782SDZszoAEIjrCuiI1R5xYDvygij3oG4VmLuueVG/99mvyiIZlTQB5sxIXR8V4RFvTJfuE2PEa…
selectors probed

Certificate (current)

E7
from 2026-04-30 to 2026-07-29
Expires in 58 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://marcasolidale.it/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-embedder-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • weak frame protection
  • weak content type protection
Header values
referrer-policy
no-referrer
x-frame-options
sameorigin, SAMEORIGIN
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=*, encrypted-media=(self), execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=*, publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=*, usb=(self), web-share=(self), xr-spatial-tracking=(self)
x-content-type-options
nosniff, nosniff
content-security-policy
script-src 'self' 'unsafe-inline' ajax.googleapis.com unpkg.com code.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com kit.fontawesome.com maps.google.com *.google.com *.googleapis.com *.datatables.net *.facebook.net *.facebook.com *.fb.net *.fb.com connect.facebook.net www.facebook.com *.googletagmanager.com *.googleadservices.com; upgrade-insecure-requests
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-opener-policy
unsafe-none
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin

Links to (3)

Linked from (1)