indexo.dev

nebau.at

.at crawl

First seen 2026-05-30 · Last seen 2026-05-31 · ok HTTP/1.1 200 735 ms crawled 2026-05-31

DE · 153.92.193.89 · AS15817 Mittwald CM Service GmbH & Co. KG

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Startseite - Neue Eisenstädter
Language
de
Generator
TYPO3 CMS
Canonical
https://www.nebau.at/

Technology

Server
Apache
Analytics
  • Google Tag Manager

Third-party hosts loaded (1)

  • www.googletagmanager.com×1

Social

Contact

Phone

DNS records live

NS
  • ns1.world4you.at
  • ns2.world4you.at
MX
  • 10 mx-01-eu-central-1.prod.hydra.sophos.com
  • 20 mx-02-eu-central-1.prod.hydra.sophos.com
TXT
  • sophos-domain-verification=5d2798c42c90cd81a33750bed27a69718ce84c55ed9cafd0514ad0dbba58a63f
  • sophos-domain-verification=c7aa6faf856a3983425459047d5929711097a085
Verified for
  • Google
  • Microsoft 365

Email authentication weak

SPF
v=spf1 mx ip4:95.143.230.157 include:spf.protection.outlook.com include:_spf_eucentral1.prod.hydra.sophos.com include:agenturserver.de -all
strict (-all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

R13
from 2026-05-09 to 2026-08-07
Expires in 67 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.nebau.at/

present
  • strict-transport-security
  • content-security-policy
  • content-security-policy-report-only
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(self "https://www.youtube.com/" "https://vimeo.com/"), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), corss-origin-isolated=(), display-capture=(), document-origin=(), encrypted-media=(), fullscreen=(), gamepad=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self "https://www.youtube.com/" "https://www.youtube-nocookie.com/" "https://vimeo.com/"), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(self), window-management=(), xr-spatial-tracking=()
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'nonce-5-xRxgzRB-d0bRLbC6HdsOFVWabGvzKvsQNmty96RelQfD6GgKLNnQ' 'sha256-nRmjMs/Y+bisJ9TCpR+pj+XFwT7iKLfzquJI8VFHP9U=' 'sha256-LRRjLydbW93eLGeQWgfrET7emI4KgqSZFDvUJhwWSfo=' 'sha256-Pq5LPaxfVcVIsSaw+xMZdCYIJ+p5Jy6Va/rFkGP1Hr8=' https://*.tiktok.com https://*.ttwstatic.com/obj/tiktok-web/tiktok/ 'sha256-3U+TEOs+Qjdi5XKpBMvfUxwqBhej6EqRGjlTxTwDwYo=' https://*.cookiebot.eu/ https://*.facebook.net/ 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.tiktokcdn.com https://*.instagram.com https://maps.gstatic.com https://maps.googleapis.com https://*.google.com https://*.google.at https://*.googleadservices.com https://*.g.doubleclick.net https://*.googletagmanager.com https://*.cookiebot.eu/ https://*.googlesyndication.com/ https://*.facebook.com/; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.v
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy-report-only
default-src 'self'; script-src 'self' 'nonce-5-xRxgzRB-d0bRLbC6HdsOFVWabGvzKvsQNmty96RelQfD6GgKLNnQ' 'sha256-nRmjMs/Y+bisJ9TCpR+pj+XFwT7iKLfzquJI8VFHP9U=' 'sha256-LRRjLydbW93eLGeQWgfrET7emI4KgqSZFDvUJhwWSfo=' 'sha256-Pq5LPaxfVcVIsSaw+xMZdCYIJ+p5Jy6Va/rFkGP1Hr8=' https://*.tiktok.com https://*.ttwstatic.com/obj/tiktok-web/tiktok/ 'sha256-3U+TEOs+Qjdi5XKpBMvfUxwqBhej6EqRGjlTxTwDwYo=' https://*.cookiebot.eu/ https://*.facebook.net/ 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.tiktokcdn.com https://*.instagram.com https://maps.gstatic.com https://maps.googleapis.com https://*.google.com https://*.google.at https://*.googleadservices.com https://*.g.doubleclick.net https://*.googletagmanager.com https://*.cookiebot.eu/ https://*.googlesyndication.com/ https://*.facebook.com/; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.v

Links to (3)

Linked from (1)