oe-eb.at
oe-eb.at
HTML metadata
Social
DNS records live
- NS
-
- sec1.rcode0.net
- sec2.rcode0.net
- MX
-
- 10 mgaterz1.oekb.co.at
- 50 mgaterz2.oekb.co.at
- TXT
-
swisssign-check=qbc0ZgAswFy75uzoZl17oB5-AxI
- Verified for
-
- Microsoft 365
Email authentication partial
- SPF
-
v=spf1 include:spf.protection.outlook.com mx -allstrict (-all) - DMARC
-
v=DMARC1; p=none; rua=mailto:dmarc-reports@oe-eb.at; ruf=mailto:dmarc-reports@oe-eb.at; fo=1; ri=86400;policy: none (monitoring only) - DKIM
-
- selector1:
v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySaa6PblZRGePX2wovpG/o24xWMDdxHtpED+EHL26Lc9hkkWIel2W//vf3b1aOGJuh4LHVMoMvosTNy/E8S1H…
selectors probed - selector1:
Certificate (current)
SwissSign RSA TLS OV ICA 2022 - 1
Expires in 81 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- weak frame protection
- weak content type protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN, SAMEORIGIN- x-content-type-options
nosniff, nosniff- content-security-policy
default-src 'self' blob: *.oe-eb.at eu-api.friendlycaptcha.eu api.friendlycaptcha.com; script-src 'self' 'unsafe-inline' blob: *.oe-eb.at https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.min.js; style-src 'self' 'unsafe-inline' *.oe-eb.at; img-src 'self' data: *.oe-eb.at; frame-src 'self' *.oe-eb.at www.youtube.com www.youtube-nocookie.com; frame-ancestors 'none'; font-src 'self' data: *.oe-eb.at- strict-transport-security
max-age=31622400; includeSubDomains, max-age=15552000
Links to (2)
Linked from (2)
- regmifa.com×1
- edfi.eu×1