museucasadamoeda.pt
HTML metadata
Technology
- Server
- Apache
- jQuery
- 2.2.3 known XSS (<3.5)
- Stack
- Laravel
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
Third-party hosts loaded (3)
- cdnjs.cloudflare.com×4
- fonts.googleapis.com×3
- www.googletagmanager.com×1
Social
DNS records live
- NS
-
- ns-a1.vodafone.pt
- ns-a2.vodafone.pt
- ns.incm.pt
- ns2.webside.pt
- TXT
-
_fsklqaf5vl1p6v5e82s7xl7twwq1y6i
Email authentication no MX
- SPF
- not published
- DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
Thawte TLS RSA CA G1
Expires in 36 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self' https://www.google.pt https://cdn.tinymce.com http://incm.indexrerum.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com http://www.w3.org/WAI/wcag2AA-blue https://stats.g.doubleclick.net https://www.google.com; frame-src 'self' https://player.vimeo.com http://maps.google.com https://www.google.com https://maps.googleapis.com; script-src 'self' https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.google-analytics.com http://maps.googleapis.com https://cdn.tinymce.com https://code.jquery.com/ui/1.12.1/jquery-ui.js; style-src 'self' 'unsafe-inline' https://cdn.tinymce.com https://cdnjs.cloudflare.com https://fonts.googleapis.com;- strict-transport-security
max-age=31536000
Links to (4)
- twitter.com×1
- instagram.com×1
- incm.pt×1
- facebook.com×1