indexo.dev

nitka24.pl

.pl crawl

First seen 2026-06-02 · Last seen 2026-06-02 · ok HTTP/1.1 200 257 ms crawled 2026-06-02

PL · 185.135.91.93 · AS203417 LH.pl Sp. z o.o.

Reputation 100/100

sector other type homepage

HTML metadata

Title
Nitka24
Language
pl-PL
Canonical
https://nitka24.pl/
Feeds

Technology

Server
Apache
CMS
WordPress

Third-party hosts loaded (1)

  • maps.googleapis.com×2

Social

Contact

Phone

DNS records live

NS
  • ns.lh.pl
  • ns2.lighthosting.net
MX
  • 5 mail20.lh.pl

Email authentication strong

SPF
v=spf1 include:_spf.lh.pl -all
strict (-all)
DMARC
v=DMARC1; p=quarantine; rua=mailto:dmarc-report@lh.pl;
policy: quarantine
DKIM
  • default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqq5CR6ej56IT/TQNslJIU1LRxeY2ivpkyJXYZzEoJAJKe7n+xv+AS/CcTsyQuDgm9XEb2m2YwrXv+/…
selectors probed

Certificate (current)

E8
from 2026-04-09 to 2026-07-08
Expires in 34 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://nitka24.pl/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
no-referrer-when-downgrade
x-frame-options
SAMEORIGIN
permissions-policy
geolocation=(self), midi=(self), sync-xhr=(self), microphone=(self), camera=(self), magnetometer=(self), gyroscope=*, speaker=*, fullscreen=(self), payment=(self)
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: maps.googleapis.com cdn.jsdelivr.net https://cdn-cookieyes.com https://*.cookieyes.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob:; img-src 'self' data: blob: https: maps.gstatic.com *.googleapis.com *.ggpht.com https://secure.gravatar.com https://*.gravatar.com https://cdn.shortpixel.ai https://*.cookieyes.com https://cdn-cookieyes.com https://s.w.org https://ps.w.org; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' ws: wss: https://maps.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com wp-admin/admin-ajax.php https://*.cookieyes.com https://cdn-cookieyes.com https://api.wordpress.org https://downloads.wordpress.org; worker-src 'self' blob:; frame-src 'self' blob: https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.openstreetmap.org https://*.cookieyes.com; frame-ancestors
strict-transport-security
max-age=2592000; includeSubDomains

Links to (5)

Linked from (1)