nahkauf.de

.de crawl

First seen 2026-04-26 · Last seen 2026-05-19 · ok HTTP/1.1 200 5001 ms crawled 2026-05-19

DE · 84.200.15.2 · AS44066 firstcolo GmbH

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: Nahkauf - Nichts liegt näher
Description: Bei Nahkauf findest du eine große Auswahl an frischen und regionalen Produkten.
Language: de

Open Graph

url: https://www.nahkauf.de/
title: Nahkauf - Nichts liegt näher
description: Bei Nahkauf findest du eine große Auswahl an frischen und regionalen Produkten.

Technology

CDN: Cloudflare
CMS: Nuxt

Cookie consent

Usercentrics

Third-party hosts loaded (4)

a.storyblok.com×3
privacy-proxy.usercentrics.eu×3
app.usercentrics.eu×2
api.usercentrics.eu×1

Registration

Updated

2026-02-13

Name servers

ns2.xc-ns.de.
ns5.xc-ns.de.

DNS records live

NS

ns2.xc-ns.de
ns5.xc-ns.de

MX

10 mxa-001d0c01.gslb.pphosted.com
10 mxb-001d0c01.gslb.pphosted.com

TXT

atlassian-domain-verification=rWCxzKFqoqrbYzN9TZpsXZUsSVjOaRMh3aR8UL7wwXCMbz8zFYvlZEFPrAhY1tdN
MS=ms10449508

Email authentication partial

SPF: v=spf1 include:spf-001d0c01.pphosted.com include:spf-001d0c03.pphosted.com -all
strict (-all)
DMARC: v=DMARC1; p=none; pct=100; rua=mailto:re+cphng57q14m@dmarc.postmarkapp.com; sp=none; aspf=r;
policy: none (monitoring only) · sp=none
DKIM: no key found at common selectors

Certificate (current)

R13

from 2026-04-28 to 2026-07-27

Expires in 69 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.nahkauf.de/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; font-src 'self' https: data: https://fonts.gstatic.com; form-action 'self'; img-src 'self' https: data: https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://*.usercentrics.eu; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com assets.adobedtm.com blob: https://app.storyblok.com; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests; connect-src 'self' https://api.storyblok.com https://a.storyblok.com https://a2.storyblok.com https://*.usercentrics.eu https://*.googleapis.com *.google.com https://*.gstatic.com metrics.rewe.de data: blob:; frame-src 'self' *.google.com; media-src 'self' https://a.storyblok.com https://a2.storyblok.com; worker-src blob:; frame-ancestors https://app.storyblok.com;
strict-transport-security: max-age=63072000

Links to (1)

rewe.de×2