neoscon.io
HTML metadata
Technology
- CMS
- Gatsby
Social
DNS records live
- NS
-
- ns1.sandstorm-media.de
- ns2.sandstorm-media.de
- TXT
-
google-site-verification=Ymfb53CLnwhhxvPL9FwqDS8XhLqs9sD9tddvyZ1mZcc
Email authentication no MX
- SPF
-
v=spf1 -allstrict (-all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 53 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
same-origin- x-frame-options
sameorigin- permissions-policy
camera=(), display-capture=(), geolocation=(), microphone=()- x-content-type-options
nosniff- content-security-policy
base-uri 'self'; connect-src 'self' https://analytics.neos.io/; default-src 'self'; form-action 'self' https://m.neos.io/ https://typo3.us3.list-manage.com/; img-src 'self' data https://analytics.neos.io/ https://uptimerobot.com https://i.ytimg.com https://www.youtube-nocookie.com/ https://user-images.githubusercontent.com/ *.tile.openstreetmap.org/ https://raw.githubusercontent.com/ https://camo.githubusercontent.com/ https://m.neos.io/ https://www.gravatar.com/ https://img.youtube.com/; media-src 'self'; frame-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://app.goessential.com/ https://analytics.neos.io/ https://m.neos.io/; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://analytics.neos.io/ https://www.youtube-nocookie.com/ https://www.google.com/ https://app.goessential.com https://m.neos.io/ https://slack.neos.io; style-src 'self' 'unsafe-inline' data https://www.youtube.com/ https://www.youtube-nocookie.com/ https://m.neos.io- strict-transport-security
max-age=31536000