mybestwellness.com
mybestwellness.com
HTML metadata
Technology
- Server
- Microsoft-IIS
- jQuery
- 3.3.1 known XSS (<3.5)
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
Third-party hosts loaded (3)
- bestwellnesshotels.brain-behind.com×12
- fonts.googleapis.com×3
- www.googletagmanager.com×2
Social
Contact
- Phone
Registration
- Registrar
- InterNetX GmbH
- Created
- 2000-12-17
- Expires
- 2026-12-17 199 days left
- Updated
- 2025-12-18
- Name servers
-
- alina.ns.cloudflare.com
- brady.ns.cloudflare.com
DNS records live
- NS
-
- alina.ns.cloudflare.com
- brady.ns.cloudflare.com
- MX
-
- 10 scan.mx.vioma.de
- Verified for
-
Email authentication weak
- SPF
- not published
- DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
SSL2BUY EMEA RSA Domain Validation Secure Server CA
Expires in 145 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- cross-origin-opener-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- weak frame protection
- missing Permissions Policy
Header values
- referrer-policy
same-origin- x-frame-options
Allow-From https://www.wellnesshotel.com- x-content-type-options
nosniff- content-security-policy
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; child-src * 'unsafe-eval' 'unsafe-inline'; form-action * 'unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.brain-behind.com;- strict-transport-security
max-age=31536000; includeSubdomains; preload- cross-origin-opener-policy
same-origin-allow-popups