indexo.dev

nendaz.ch

.ch crawl

First seen 2026-05-29 · Last seen 2026-05-31 · ok HTTP/1.1 200 1359 ms crawled 2026-05-31

CH · 16.63.42.84 · AS16509 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Welcome to Nendaz, the heart of the 4 Vallées | Nendaz Switzerland
Description
Welcome to Nendaz, nestled in the heart of the biggest ski area of Switzerland, offering unique mountain experiences and stunning views all year round!
Language
en
Generator
MyCity Tourism Information System
Canonical
https://www.nendaz.ch/en/
Translations
  • de
  • en
  • fr

Open Graph

title
Welcome to Nendaz, the heart of the 4 Vallées | Nendaz Switzerland
description
Welcome to Nendaz, nestled in the heart of the biggest ski area of Switzerland, offering unique mountain experiences and stunning views all year round!

Technology

CDN
Amazon CloudFront
Server
Apache
jQuery
2.1.3 known XSS (<3.5)
Analytics
  • Google Tag Manager

Third-party hosts loaded (6)

  • static.mycity.travel×11
  • www.googletagmanager.com×2
  • api.mapbox.com×1
  • js-eu1.hs-scripts.com×1
  • www.chatbase.co×1
  • www.google.com×1

Social

Contact

Phone

DNS records live

NS
  • ns1.infomaniak.ch
  • ns2.infomaniak.ch
MX
  • 10 mx-01-eu-central-1.prod.hydra.sophos.com
  • 10 mx-02-eu-central-1.prod.hydra.sophos.com
TXT
  • sophos-domain-verification=0546314f6f4772ce9e7c13feed7b44d3e7d56245
  • have-i-been-pwned-verification=80265092f3340b1db6a2882df4ec8ff3
  • sophos-domain-verification=9e68ad82a340bc978abbf38648e3032a6fea1ed4601777e16ec6ae8614216e77
Verified for
  • Google

Email authentication partial

SPF
v=spf1 include:spf.infomaniak.ch include:_spf_eucentral1.prod.hydra.sophos.com include:amazonses.com include:spf.protection.outlook.com include:_spf.zimpel.de include:147777522.spf06.hubspotemail.net ip4:3.73.232.83 -all
strict (-all)
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDerzGzjhy/IHuDfm9WKr3ZACRNzvzb4khwE7vPUh7yR58nd7daEjt/Bxu3F7tLxupyf6gnz1ICHwVnEQH6O8…
  • k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed

Certificate (current)

Amazon RSA 2048 M01
from 2026-04-14 to 2026-10-29
Expires in 150 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.nendaz.ch/en/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self' static.mycity.travel static.nendaz.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *;
strict-transport-security
max-age=7776000

Links to (9)

Linked from (1)