indexo.dev

mqw.at

.at crawl

First seen 2026-05-11 · Last seen 2026-05-16 · ok HTTP/1.1 200 11983 ms crawled 2026-05-16

DE · 88.198.17.234 · AS24940 Hetzner Online GmbH

Reputation 100/100

Classifying

HTML metadata

Title
Startpage - MuseumsQuartier Wien
Description
With 114,310 square meters of space, 61 cultural institutions, and over five million visitors annually, the MuseumsQuartier Wien is one of the world’s largest arts and culture complexes. Characterized by diversity and cosmopolitanism, the MQ has a strong international presence. It is a place where people can come together, linger, and experience culture in all its facets.
Language
en
Canonical
https://www.mqw.at/en/

Open Graph

url
https://www.mqw.at/en/
title
Startpage — MuseumsQuartier Wien
site name
MuseumsQuartier Wien
description
With 114,310 square meters of space, 61 cultural institutions, and over five million visitors annually, the MuseumsQuartier Wien is one of the world’s largest arts and culture complexes. Characterized by diversity and cosmopolitanism, the MQ has a strong international presence. It is a place where people can come together, linger, and experience culture in all its facets.

Technology

Server
nginx
CMS
Gatsby

Third-party hosts loaded (1)

  • www.google.com×1

Social

Contact

Address
MuseumsQuartier WienMuseumsplatz 11070 ViennaThe MQ site is open 24 hours a day.

DNS records live

NS
  • ns1.koschier.at
  • ns2.koschier.at
MX
  • 0 mqw-at.mail.protection.outlook.com
TXT
  • MS=ms33670311
  • google-site-verification=iJTKmp3kSr80iXygDgbFv832qgixO7qqriIfIyRjBCE

Email authentication strong

SPF
v=spf1 mx include:spf.protection.outlook.com a:smtp5.koschier.at a:smx5.koschier.at a:mqexch.mqw.at ip4:195.2.221.31 ip4:213.129.239.38 ip4:95.129.202.66 ip4:95.129.202.67 ip4:212.232.31.52 ip4:5.183.216.9 include:servers.mcsv.net -all
strict (-all)
DMARC
v=DMARC1; p=reject; pct=100; sp=reject; aspf=s; adkim=s; rua=mailto:rua@mqw.at
policy: reject (enforced) · sp=reject
DKIM
Show 4 DKIM selectors
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4LLOIL70koPNaYl3KoDKmDRoSILd3+CUghhf257IdCXGfFX+Ajr+A5hd8GurEgnjo+qKgWvueb3lnr…
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
  • mail: v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kw3YBGJeaRFb606NJobeNzH+new8HRbH2A4ZqDfIgu5K2c8HAhYnFsG+/923Q1RxxJQgoVZp4JiEvh50fIWg…
  • dkim: v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpcYQYOCDam5D8avxLUuzq92riW1HJYyKpkN1y3t25OVuDvh0/uPiSZfMDAj4c1KjfKDhRFU9/JgGety…
selectors probed

Certificate (current)

E8
from 2026-04-15 to 2026-07-14
Expires in 56 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.mqw.at/en/

present
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • cross-origin-opener-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
same-origin
x-frame-options
DENY
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'none'; frame-src *.google.com *.youtube-nocookie.com *.facebook.com *.twitter.com *.tiktok.com *.instagram.com; connect-src 'self' sentry.nousdigital.com *.google.com museumsquartier.matomo.cloud *.tiktok.com; frame-ancestors 'self' *.grassfish.tv https://*.grassfish.tv capacitor://*.grassfish.tv capacitor://ad.grassfish.tv; object-src 'none'; img-src 'self' data:; style-src 'self' 'unsafe-inline' *.ttwstatic.com; script-src 'self' 'unsafe-eval' 'nonce-xy96yRsJsdVh4F1LhcC4aA==' *.gstatic.com *.google.com cdn.matomo.cloud *.facebook.net *.twitter.com *.instagram.com *.tiktok.com *.ttwstatic.com; font-src 'self' data: fonts.gstatic.com
cross-origin-opener-policy
same-origin

Links to (13)

Linked from (3)