indexo.dev

mlg-neukoelln.de

.de crawl

First seen 2026-04-16 · Last seen 2026-05-18 · ok HTTP/1.1 200 2802 ms crawled 2026-05-11

DE · 188.68.47.108 · AS197540 netcup GmbH

Reputation 89/100 weak security headers dmarc monitor-only

Classifying

HTML metadata

Title
Evangelische Kirchengemeinde Martin-Luther-Genezareth
Language
de
Generator
WordPress 6.8.5
Canonical
https://www.mlg-neukoelln.de/
Feeds

Technology

Server
nginx
CMS
WordPress

Third-party hosts loaded (1)

  • s7.addthis.com×1

Contact

Email
Phone
Address
st. Wir sind mit dem 1. Januar 2026

Registration

Updated
2025-12-29
Name servers
  • root-dns.netcup.net.
  • second-dns.netcup.net.
  • third-dns.netcup.net.

DNS records live

NS
  • root-dns.netcup.net
  • second-dns.netcup.net
  • third-dns.netcup.net
MX
  • 10 mlg-neukoelln.in.tmes.trendmicro.eu

Email authentication partial

SPF
v=spf1 a mx include:spf.tmes.trendmicro.com ~all
softfail (~all)
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

R13
from 2026-05-03 to 2026-08-01
Expires in 73 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://www.mlg-neukoelln.de/

present
  • content-security-policy
  • permissions-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
Header values
permissions-policy
private-state-token-redemption=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com"), private-state-token-issuance=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com")
content-security-policy
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com *.lottiefiles.com;img-src 'self' data: blob:; object-src 'self' data: blob: ; frame-src 'self' data: blob:

Links to (1)

Linked from (2)