mobilelogin.ch
HTML metadata
Technology
Third-party hosts loaded (1)
- challenges.cloudflare.com×1
DNS records live
- NS
-
- dns1.telecom.li
- dns2.telecom.li
- MX
-
- 10 mx01.fl1.li
- 10 mx02.fl1.li
- TXT
-
_kfitavj0udle7b4avub2f4ffkm6xdpt
Email authentication weak
- SPF
- not published
- DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
DigiCert Global G2 TLS RSA SHA256 2020 CA1
Expires in 128 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-embedder-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
DENY- permissions-policy
geolocation=(self), layout-animations=(self), legacy-image-formats=(self), oversized-images=(self), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), web-share=(self)- x-content-type-options
nosniff- content-security-policy
base-uri 'none'; default-src 'self'; script-src 'nonce-bPuQ-NYlUmiFpWGqi5fGGA' https://challenges.cloudflare.com; frame-src https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; img-src 'self' data: https://a.storyblok.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; form-action 'self' https://ida2.llv.li https://ida2a.llv.li https://login.eid.li https://eidli.page.link; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'- strict-transport-security
max-age=63072000; includeSubDomains; preload- cross-origin-opener-policy
same-origin-allow-popups- cross-origin-embedder-policy
require-corp- cross-origin-resource-policy
same-origin