mleasing.pl

HTML metadata

Title: mLeasing - leasing samochodow, maszyn i sprzetu
Description: mLeasing - leasing samochodów, maszyn i sprzętu
Language: pl
Generator: Gatsby 3.2.1

Open Graph

url: https://mleasing.pl
title: mLeasing.pl – leasingujemy Twoje plany, cele, marzenia!
site name: mLeasing
description: Szukasz finansowania? Poznaj ofertę mLeasingu dla firm i rozwijaj skrzydła dzięki nowoczesnym rozwiązaniom.

Technology

Server: nginx
CMS: Gatsby 3.2.1

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

Contact

Phone

+48223600600

DNS records live

NS

ns1.internetia.pl
ns1.mleasing.pl
ns2.internetia.pl
ns2.mleasing.pl

MX

30 mx.mleasing.pl
40 mesg01.mleasing.pl
40 mesg02.mleasing.pl
40 mesg03.mleasing.pl

TXT

inTgWQk7Dwk/reMRDjTAkpost37PbZJz7ijwPwXuAUZVMTNrW8KgELmDwVOzNcpsqDLgTyskK+28P8/eumv/1w==
mojecertpl-site-verification-J66nqTWcTNv4ev0gtYK8UDncs7Q2sRpV

Verified for

Apple
Google
Microsoft 365

Email authentication strong

SPF

v=spf1 ip4:213.17.175.170 ip4:213.17.175.171 ip4:87.204.54.44 a mx include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1;p=quarantine;sp=quarantine;fo=1:d:s;pct=100;rua=mailto:dmarc-reports@mleasing.pl;ruf=mailto:dmarc-reports@mleasing.pl;adkim=r;aspf=r;ri=43200

policy: quarantine · sp=quarantine

DKIM

mail: v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSXEjU4LLb7KNKbSA/0raQowKobbDRwEen2hU6YtKoUCGBSfsNoPlV+I6WAJM1ohv6Iif3f/peopn2XrvNwxu…

selectors probed

Certificate (current)

RapidSSL TLS RSA CA G1

from 2025-06-03 to 2026-06-05

Expires in 4 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://mleasing.pl/

present

strict-transport-security
content-security-policy
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-content-type-options: nosniff
content-security-policy: base-uri mleasing.pl; default-src 'self'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' googleads.g.doubleclick.net *.bing.com *.callpage.io *.mbiscuit.mbank.pl *.google.com cdnjs.cloudflare.com *.googleadservices.com *.google-analytics.com *.google.pl *.google.com *.facebook.com connect.facebook.net *.3way.pl *.googleapis.com *.googletagmanager.com *.gstatic.com pagead2.googlesyndication.com script.hotjar.com static.hotjar.com cdn-widget.callpage.io; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.callpage.io *.3way.pl *.googleapis.com; img-src 'self' data: fonts.gstatic.com *.googlesyndication.com *.bing.com ad.doubleclick.net googleads.g.doubleclick.net *.google.pl *.callpage.io *.google.com *.google-analytics.com region1.google-analytics.com *.facebook.com fc10.3way.pl maps.googleapis.com maps.gstatic.com *.googletagmanager.com storage.googleapis.com; font-src 'self' data: *.mbiscuit.mbank.pl cdnjs
strict-transport-security: max-age=31536000; includeSubdomains;