indexo.dev

ninja.it

.it crawl

First seen 2026-05-23 · Last seen 2026-05-30 · ok HTTP/1.1 200 1160 ms crawled 2026-05-28

DE · 138.201.103.235 · AS24940 Hetzner Online GmbH

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
Ninja, Unconventional Business School
Description
Scopri la Piattaforma di "formazione continua" per i Professionisti del Digital Business più completa e potente del mercato.
Language
it-IT
Generator
Redux 4.4.11
Canonical
https://www.ninja.it/
Feeds

Open Graph

url
https://www.ninja.it/
title
Home
locale
it_IT
site name
Ninja Business School
description
Scopri la Piattaforma di "formazione continua" per i Professionisti del Digital Business più completa e potente del mercato.

Technology

Server
nginx
CMS
WordPress
jQuery
3.7.1
Analytics
  • Google Tag Manager
Ads
  • Google Ads (DoubleClick)
Fonts
  • Google Fonts
Third-party hosts loaded (9)
  • cdn.scalapay.com×4
  • cdn.jsdelivr.net×3
  • cdnjs.cloudflare.com×2
  • code.jquery.com×2
  • js-eu1.hs-scripts.com×2
  • fonts.googleapis.com×1
  • gmpg.org×1
  • securepubads.g.doubleclick.net×1
  • www.googletagmanager.com×1

Social

Contact

Phone

DNS records live

NS
  • ed.ns.cloudflare.com
  • nola.ns.cloudflare.com
MX
  • 1 aspmx.l.google.com
  • 10 alt3.aspmx.l.google.com
  • 10 alt4.aspmx.l.google.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
Verified for
  • Google
  • Meta

Email authentication strong

SPF
v=spf1 include:_spf.google.com -all
strict (-all)
DMARC
v=DMARC1; p=reject; rua=mailto:postmaster@ninja.it, mailto:dmarc@ninja.it; pct=100; adkim=s; aspf=s
policy: reject (enforced)
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7/7gane6h7XPPIZKLNemz1Q4y57U8qoGlrFMuJHPF6jEi2SbDFGmkR4DERfqBCJEV4s68fP3AUQqmV…
selectors probed

Certificate (current)

R13
from 2026-05-27 to 2026-08-25
Expires in 82 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.ninja.it/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob:

Links to (7)