milano-aeroporti.it

.it crawl

First seen 2026-05-13 · Last seen 2026-05-19 · ok HTTP/1.1 200 3052 ms crawled 2026-05-19

US · 141.193.177.178 · AS53292 ManagedWay

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title: Milano-Aeroporti
Description: Milano-Aeroporti presenta tutti i servizi di collegamento tra gli aeroporti milanesi e la città. Linate,Orio,Malpensa Shuttle ed il noleggio auto con conducente.
Language: it

Technology

CMS: Gatsby

Analytics

Google Tag Manager

Cookie consent

Iubenda

Third-party hosts loaded (3)

cdn.iubenda.com×2
ajax.googleapis.com×1
www.googletagmanager.com×1

Contact

Phone

00216510123

DNS records live

NS

ns1-02.azure-dns.com
ns2-02.azure-dns.net
ns3-02.azure-dns.org
ns4-02.azure-dns.info

MX

10 mail.engitel.com
20 mail2.engitel.com

TXT

Show 6 TXT records

5vytckk8j9drfpt1n7zp8shgm26vv002
5qf4lgmds3k051jh06d801p8mspqvk9z
_3ousvvmrecp0cq6twq2rkt1oexnmt2s
_n3os6mjg5yc0d7gycharkvzr6q4eedc
_csmshju3ypgsw3hfnm6gb8sxq89ptwd
th7d95j8g5w1yp9db1shh176mr7wdv9h

Email authentication weak

SPF: v=spf1 a mx ip4:80.247.67.200 ip4:185.58.117.110 ~all
softfail (~all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-05-12 to 2026-08-10

Expires in 81 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.milano-aeroporti.it/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), usb=(), xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: default-src 'self' cdn.jsdelivr.net *.iubenda.com *.googletagmanager.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com matomo.engitel.com https://unpkg.com *.google.com *.googleapis.com *.iubenda.com *.gstatic.com *.jsdelivr.net *.polyfill.io; style-src 'self' 'unsafe-inline' *.iubenda.com *.bootstrapcdn.com *.googleapis.com https://book.distribusion.com data:; font-src 'self' *.gstatic.com *.bootstrapcdn.com https://book.distribusion.com data:; img-src 'self' https://www.googletagmanager.com matomo.engitel.com data:; connect-src 'self' https://book.api.distribusion.com https://api.distribusion.com https://o33570.ingest.sentry.io https://api2.amplitude.com https://api.lab.amplitude.com https://region1.google-analytics.com https://www.google-analytics.com https://*.iubenda.com; worker-src 'self' blob:; frame-src 'self' *.google.com *.spotify.com *.google-analytics.com *.iubenda.com;
strict-transport-security: max-age=63072000; includeSubDomains; preload