indexo.dev

nivea.at

.at crawl

First seen 2026-05-27 · Last seen 2026-05-30 · ok HTTP/1.1 200 1113 ms crawled 2026-05-30

US · 104.210.154.101 · AS8075 Microsoft Corporation

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
Homepage - NIVEA
Description
Willkommen auf der NIVEA Website! Wir bieten Ihnen tolle Tipps und spannende Möglichkeiten rund um die beliebten Hautpflegeprodukte von NIVEA.
Language
de-AT
Canonical
https://www.nivea.at

Open Graph

title
Homepage - NIVEA
description
Willkommen auf der NIVEA Website! Wir bieten Ihnen tolle Tipps und spannende Möglichkeiten rund um die beliebten Hautpflegeprodukte von NIVEA.

Technology

CDN
Azure Front Door
Analytics
  • Google Analytics
  • Google Tag Manager
Third-party hosts loaded (8)
  • img.nivea.com×21
  • tm-eu.beiersdorf.com×2
  • www.googletagmanager.com×2
  • cdn.bunchbox.co×1
  • cdn.consentmanager.net×1
  • delivery.consentmanager.net×1
  • img.nivea.com ×1
  • www.google-analytics.com×1

Social

DNS records live

NS
  • ns1.netnames.net
  • ns2.netnames.net
  • ns5.netnames.net
  • ns6.netnames.net
MX
  • 20 nivea-at.mail.protection.outlook.com
TXT
  • 4zHD8xmVtaJFUqab7Op6Wuct3SZFroJswTyYVBocYpyB2AlnXvUKS6zdjaQtL3s2XYfGamTAaqzqp7HLVgdPDA==
  • 00D0E000000HM24=1TB9K0000000Ooj;00D5r0000004hvC=1TBFg0000002hKD;00D5t0000004g03=1TB9b0000000Kht;00D2p000000PTrC=1TBc1000000015l;00D7a0000005GAx=1TB9Z0000000RHx;00DD0000000l4D3=1TBbI00000006dJ
Verified for
  • Google
  • Meta
  • Microsoft 365

Email authentication strong

SPF
v=spf1 ip4:185.220.228.128/30 ip4:87.253.235.224 include:spf.protection.outlook.com include:spf.servicemail24.de -all
strict (-all)
DMARC
v=DMARC1; p=reject; fo=1; rua=mailto:beiersdorf@rua.agari.com; ruf=mailto:beiersdorf@ruf.agari.com
policy: reject (enforced)
DKIM
no key found at common selectors

Certificate (current)

R13
from 2026-04-07 to 2026-07-06
Expires in 35 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://www.nivea.at/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https:

Links to (4)

Linked from (2)