mercator-leasing.de

.de crawl

First seen 2026-04-12 · Last seen 2026-05-20 · ok HTTP/1.1 200 1802 ms crawled 2026-05-20

DE · 85.13.166.143 · AS34788 Neue Medien Muennich GmbH

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title: Partner für Leasinglösungen & Finanzkonzepte | Mercator Leasing
Description: Vertrauen Sie bei innovativen Finanzlösungen, branchenspezifischen Miet- und Leasingkonzepten auf Mercator-Leasing.
Language: de-DE
Canonical: https://www.mercator-leasing.de/

Open Graph

url: https://www.mercator-leasing.de/home
title: Partner für Leasinglösungen & Finanzkonzepte | Mercator Leasing
description: Vertrauen Sie bei innovativen Finanzlösungen, branchenspezifischen Miet- und Leasingkonzepten auf Mercator-Leasing.

Technology

Server: Apache
jQuery: 3.5.1

Analytics

Google Tag Manager

Cookie consent

Cookiebot

Third-party hosts loaded (3)

code.tidio.co×1
consent.cookiebot.com×1
www.googletagmanager.com×1

Social

Contact

Email

Phone

09721 4747-0

Registration

Updated

2018-10-07

Name servers

sv2.recos.net.
sv3.recos.net.

DNS records live

NS

b.ns14.net
c.ns14.net
sv2.recos.net
sv3.recos.net

MX

0 mercatorleasing-de02b.mail.protection.outlook.com

TXT

MS=5A5A1E1AF0D57EB5BC9C325C30E5F1CABBA442BC
_telesec-domain-validation=V8LWK9UXV0SD3HGOEP1RA544QABT0J33ZWD5OX90L8WS7PNLNMRJ605H03GE3TZI
QuoVadis=51b411b6-5e91-43c9-b730-8dc366ea0b7f

Verified for

Apple
Atlassian
Google

Email authentication weak

SPF: v=spf1 a mx a:mlf-extranet.de a:vc-z1sg.mercator-leasing.de a:wp253.webpack.hosteurope.de include:spf.protection.outlook.com include:spf-de.emailsignatures365.com ip4:85.13.149.35 ip4:193.158.225.130 include:spf.crsend.com -all
strict (-all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-04-27 to 2026-07-26

Expires in 67 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.mercator-leasing.de/

present

strict-transport-security
content-security-policy
x-frame-options

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.google-analytics.com *.googletagmanager.com stats.brandcom.de *.youtube.com *.vimeo.com *.vimeocdn.com static.dvinci-easy.com code.tidio.co karriere.mercator-leasing.de; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.google.com static.dvinci-easy.com; img-src 'self' data: blob: https://www.mercator-leasing.de stats.brandcom.de *.cookiebot.com *.google-analytics.com *.googletagmanager.com *.youtube.com code.tidio.co *.vimeocdn.com dnjs.cloudflare.com unpkg.com code.tidio.co avatars.tidiochat.com tidio-images-messenger.s3.us-east-1.amazonaws.com; frame-src 'self' consentcdn.cookiebot.com *.googletagmanager.com *.youtube.com *.vimeo.com karriere.mercator-leasing.de
strict-transport-security: max-age=86400