nivea.com.co
HTML metadata
Technology
- CDN
- Azure Front Door
- Analytics
-
- Google Analytics
- Google Tag Manager
- Ads
-
- Google Ads (DoubleClick)
- Meta Pixel
Third-party hosts loaded (12)
- img.nivea.com×20
- www.googletagmanager.com×4
- cdn.bunchbox.co×1
- cdn.consentmanager.mgr.consensu.org×1
- connect.facebook.net×1
- consentmanager.mgr.consensu.org×1
- googleads.g.doubleclick.net×1
- s2.adform.net×1
- stats.g.doubleclick.net×1
- track.adform.net×1
- www.facebook.com×1
- www.google-analytics.com×1
Social
DNS records live
- NS
-
- ns1.netnames.net
- ns2.netnames.net
- ns5.netnames.net
- ns6.netnames.net
- TXT
-
google-site-verification=7UQ90U-EJZ0XQLtCFIVQxwPk-4RlaBrBBO0lPAZOrD8google-site-verification=5eBiogMvtm3pgXJrinwVet_xFNC39UlTNKSScobhsxw
Email authentication no MX
- SPF
-
v=spf1 -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; fo=1; rua=mailto:beiersdorf@rua.agari.com; ruf=mailto:beiersdorf@ruf.agari.compolicy: reject (enforced) - DKIM
- no key found at common selectors
Certificate (current)
R13
Expires in 48 days
HTTP security headers
- present
-
- content-security-policy
- findings
-
- missing HSTS
- CSP allows unsafe inline scripts/styles
- missing frame protection
- missing content type protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- content-security-policy
default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https: