neubiberg.de
HTML metadata
Technology
- Server
- nginx
Third-party hosts loaded (2)
- ccm.ceasy.de×1
- prod-chat-app.neurabot.neuraflow.de×1
Contact
- Phone
Registration
- Updated
- 2021-09-07
- Name servers
-
- ns3.dns.space.net.
- ns4.dns.space.net.
- ns.space.net.
DNS records live
- NS
-
- ns.space.net
- ns3.dns.space.net
- ns4.dns.space.net
- MX
-
- 100 gatekeeper.space.net
- 100 gatekeeper.spacenet.de
- TXT
-
MS=176FE237E09009365DCEA756D6D13D115F2FA31Bh9bq3uh9bohldhnja9sq5u5hvm
Email authentication weak
- SPF
-
v=spf1 a mx ip4:195.226.178.18 a:mail.neubiberg.de ~allsoftfail (~all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
Starfield Secure Certificate Authority - G2
Expires in 146 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
same-origin- x-frame-options
SAMEORIGIN- permissions-policy
geolocation=(), midi=(), camera=(), usb=(), magnetometer=(), accelerometer=(), vr=(), speaker=(), ambient-light-sensor=(), gyroscope=(), microphone=()- x-content-type-options
nosniff- content-security-policy
default-src 'self' neubiberg.de *.neubiberg.de *.ceasy.de data: 'unsafe-inline' https: wss:; form-action 'self' *.neubiberg.de; object-src 'none'; frame-ancestors 'self'; script-src data: blob: 'unsafe-inline' 'unsafe-eval' https:; base-uri 'self' neubiberg.de *.neubiberg.de *.ceasy.de- strict-transport-security
max-age=15768000; includeSubDomains