indexo.dev

oppla.eu

.eu crawl

First seen 2026-04-20 · Last seen 2026-05-14 · ok HTTP/1.1 200 2872 ms crawled 2026-05-14

FR · 20.74.41.190 · AS8075 Microsoft Corporation

Reputation 100/100

Classifying

HTML metadata

Title
Home | Oppla
Description
Oppla is a global knowledge platform bringing together the latest research on natural capital, ecosystem services and nature-based solutions.
Language
en-gb
Generator
Drupal 10 (https://www.drupal.org)
Canonical
https://oppla.eu/

Technology

CMS
Drupal
Analytics
  • Plausible

Third-party hosts loaded (1)

  • plausible.io×1

Social

DNS records live

NS
  • ns1.mythic-beasts.com
  • ns2.mythic-beasts.com
MX
  • 10 mail.protonmail.ch
  • 20 mailsec.protonmail.ch
TXT
  • brevo-code:e8bcdeaf8c3ff15aab66301d83c8e85c
  • protonmail-verification=917e2d73b3c5f5d4abff48049e7d46bc5adbf608
  • google-site-verification=lBgB5YOYHzMn-JOIpAjMiD0PeVk2wJsE2GekUWqhs8g

Email authentication strong

SPF
v=spf1 a:oppla.eu include:_spf.protonmail.ch include:em5272.oppla.eu ~all
softfail (~all)
DMARC
v=DMARC1; p=quarantine; rua=mailto:rua@dmarc.brevo.com
policy: quarantine
DKIM
  • mail: k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…
selectors probed

Certificate (current)

E8
from 2026-05-11 to 2026-08-09
Expires in 82 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://oppla.eu/

present
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://maps.googleapis.com https://fonts.googleapis.com https://plausible.io https://public.flourish.studio https://flo.uri.sh; object-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: *.w3.org ; media-src 'self'; frame-src 'self' https://www.youtube.com https://*.youtube.com https://youtube.com https://flo.uri.sh; frame-ancestors 'self'; child-src 'self'; font-src 'self' data:;; connect-src 'self' https://plausible.io; report-uri /report-csp-violation; upgrade-insecure-requests

Links to (3)

Linked from (2)