merckfinck.de

HTML metadata

Title

Willkommen bei Merck Finck | A Quintet Private Bank

Description

Wir wissen, dass man sich Vertrauen verdienen muss und nicht einfordern sollte. Als Partner, der sich Ihr Vertrauen verdienen will, setzen wir uns für Ihre finanziellen Ziele ein, als ob es unsere eigenen wären.

Language

de-de

Canonical

https://www.merckfinck.de/de-de

Translations

de

Open Graph

url: https://www.merckfinck.de/de-de
title: Willkommen bei Merck Finck | A Quintet Private Bank
description: Wir wissen, dass man sich Vertrauen verdienen muss und nicht einfordern sollte. Als Partner, der sich Ihr Vertrauen verdienen will, setzen wir uns für Ihre finanziellen Ziele ein, als ob es unsere eigenen wären.

Technology

CDN: Azure Front Door

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (3)

fonts.googleapis.com×2
fonts.gstatic.com×1
www.googletagmanager.com×1

Social

Registration

Updated

2025-07-02

Name servers

dns1.quintet.com.
dns2.quintet.com.

DNS records live

NS

dns1.quintet.com
dns2.quintet.com

MX

10 smtp1.kbl-bank.com
10 smtp2.kbl-bank.com

TXT

MS=DE03187705A99BC781C285A71D854A6834FAC9CE
14168f25ab3a46f1af36e022ea2f1b28
MS=4E04AB9D9A5A7B2283531DEB84311A247908E807

Verified for

DocuSign
Microsoft 365
TeamViewer

Email authentication strong

SPF: v=spf1 mx ip4:37.148.235.128/25 -all
strict (-all)
DMARC: v=DMARC1; p=reject; rua=mailto:sfn4ctgu@ag.eu.dmarcian.com; ruf=mailto:dmarc.forensics@quintet.com; fo=1
policy: reject (enforced)
DKIM: no key found at common selectors

Certificate (current)

GlobalSign GCC R3 DV TLS CA 2020

from 2026-03-06 to 2027-04-07

Expires in 322 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.merckfinck.de/de-de

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin
x-frame-options: sameorigin
permissions-policy: accelerometer=(),autoplay=(),camera=(),document-domain=(),encrypted-media=(),fullscreen=(self "https://player.vimeo.com" "https://www.youtube.com"),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(self "https://player.vimeo.com" "https://www.youtube.com"),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=(),xr-spatial-tracking=(),geolocation=(self)
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://analytics.ahrefs.com https://www.buzzsprout.com https://www.googleadservices.com https://www.clarity.ms https://maps.googleapis.com https://js.monitor.azure.com https://www.googletagmanager.com https://www.gstatic.com https://player.vimeo.com https://f.vimeocdn.com https://js-eu1.hsforms.net https://www.google.com https://cdn.cookielaw.org https://static.ads-twitter.com https://bat.bing.com https://snap.licdn.com https://connect.facebook.net https://js-eu1.hs-scripts.com https://js-eu1.hsleadflows.net https://js-eu1.hsadspixel.net https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hubspot.com https://googleads.g.doubleclick.net https://www.googleadservice.com https://static.hotjar.com https://script.hotjar.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net;object-src 'none';base-uri 'self';c
strict-transport-security: max-age=31536000
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin

Links to (6)

Linked from (1)

whu-golf.com×1