onedelivery.cz
HTML metadata
Technology
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (3)
- a.allegroimg.com×45
- assets.allegrostatic.com×20
- www.googletagmanager.com×2
Social
DNS records live
- NS
-
- dns1.allegro.pl
- dns2.allegro.pl
- dns3.allegro.pl
- dns4.allegro.pl
- MX
-
- 10 allegro.in.tmes.trendmicro.eu
- TXT
-
dhe2ie4n3s2yepsnfsbidpnnym9lhi2r6ch0rdlgftwqdysbl2fs4k2hq3lkqvn_dhe2ie4n3s2yepsnfsbidpnnym9lhi2
- Verified for
-
Email authentication strong
- SPF
-
v=spf1 include:_spf.google.com include:spf.tmes.trendmicro.com include:spf.protection.outlook.com ip4:193.23.48.0/24 ip4:193.203.222.0/23 ip4:194.0.251.0/24 ip4:178.21.152.0/21 ip4:5.134.208.0/21 ip4:91.194.188.0/23 ip4:91.207.14.0/23 ip4:185.31.24.0/22 -allstrict (-all) - DMARC
-
v=DMARC1; p=quarantine; adkim=r; aspf=r; rf=afrf;policy: quarantine - DKIM
- no key found at common selectors
Certificate (current)
DigiCert Global G2 TLS RSA SHA256 2020 CA1
Expires in 117 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
object-src 'none'; base-uri 'none'; script-src https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/ https://cdn.ampproject.org/rtv/ https://ngastatic.com https://www.googletagmanager.com https://assets.allegrostatic.com https://adservice.google.pl https://adservice.google.com https://pay.google.com https://securepubads.g.doubleclick.net https://ad.doubleclick.net https://allegro.hit.gemius.pl https://connect.facebook.net https://nebula-cdn.kampyle.com https://www.googletagservices.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.recaptcha.net https://www.youtube.com https://player.vimeo.com https://www.googleadservices.com https://s.ytimg.com https://www.google-analytics.com https://secure.payu.com https://secure.przelewy24.pl/js https://static.prod.allegrocde.com/sdk/ https://maps.googleapis.com https://www.gstatic.com/cloud 'nonce-ymOJUtFzy1EfTPQMXg+Q8g==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'- strict-transport-security
max-age=15552000
Links to (7)
- wedo.cz×1
- linkedin.com×1
- instagram.com×1
- google.com×1
- facebook.com×1
- apple.com×1
- allegrostatic.com×1