oest.de
HTML metadata
Technology
- Server
- Apache
Third-party hosts loaded (1)
- www.oestgroup.com×1
Social
Registration
- Updated
- 2019-09-11
- Name servers
-
- ns1.your-server.de.
- ns3.second-ns.de.
- ns.second-ns.com.
DNS records live
- NS
-
- ns.second-ns.com
- ns1.your-server.de
- ns3.second-ns.de
- MX
-
- 10 de-smtp-inbound-1.mimecast.com
- 10 de-smtp-inbound-2.mimecast.com
- TXT
-
Show 5 TXT records
have-i-been-pwned-verification=4e014a144309d4eee6549bf2689a1d1av=spf1 +a +mx include:de._netblocks.mimecast.com include:spf.protection.outlook.com include:spf.eu.signature365.net ?allapple-domain-verification=42IExFTMdRHWdhird365mktkey=AhOLnVcBxDMZ5qD044Bx5psrS7Ar6AF4Dpvtr4eOVRkxduo_sso_verification=mIJ7SDlk8DgCvi3LwepGlqGHGs2WJzdpOrP611VWfDZdCwNXJTydlgDZcDGNpl9Y
Certificate (current)
R12
Expires in 63 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
Header values
- referrer-policy
strict-origin- x-frame-options
SAMEORIGIN- permissions-policy
geolocation=(), midi=(), camera=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=(), microphone=()- x-content-type-options
nosniff- content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; frame-src 'self' https://www.youtube.com https://www.avia.de https://energieshop.avia.de https://www.youtube-nocookie.com https://myjobboard.de https://i.ytimg.com; script-src 'self' https://www.avia.de/fileadmin/avia-bootstrap/js/iframeResize.js https://energieshop.avia.de/tools/js/iframeResize.js https://www.youtube-nocookie.com https://stats.oest.de/matomo.js; img-src 'self' data:; font-src 'self' data:; connect-src 'self' https://stats.oest.de; manifest-src 'self'; media-src 'self';- strict-transport-security
max-age=63072000; includeSubdomains; preload