nanopower.eu
HTML metadata
Social
Contact
- Phone
DNS records live
- NS
-
- ns1.telekom-domains.de
- ns2.telekom-domains.de
- MX
-
- 10 pio02.vas-server.cz
- TXT
-
MS=5B24C579448BD668D5FFE9A78770E8D9D0D5EAFB
Email authentication weak
- SPF
- not published
- DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
E8
Expires in 31 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
same-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
base-uri 'self'; default-src 'none'; form-action 'self'; frame-ancestors 'self'; img-src 'self' *.google-analytics.com/ *.consentmanager.net/ data: blob:; script-src-elem 'self' 'unsafe-inline' *.acsbapp.com/ *.google-analytics.com/ *.consentmanager.net/ *.googletagmanager.com/; script-src 'self' 'unsafe-eval' blob:; script-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; font-src 'self'; media-src 'self' blob:; frame-src *.ebz-group.com/ *.matterport.com/ *.youtube-nocookie.com/ *.consentmanager.net/ 'self'; connect-src *.acsbapp.com/ *.google-analytics.com/ *.consentmanager.net/ 'self' blob:;- strict-transport-security
max-age=31536000; includeSubDomains