indexo.dev

ostral.ch

.ch crawl

First seen 2026-06-01 · Last seen 2026-06-02 · ok HTTP/1.1 200 750 ms crawled 2026-06-02

CH · 83.228.209.244 · AS29222 Infomaniak Network SA

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
OSTRAL | Ostral
Language
de
Generator
Drupal 10 (https://www.drupal.org); Commerce 2
Canonical
https://www.ostral.ch/de/ostral
Translations
  • de
  • fr
  • it

Technology

CDN
Fastly
Server
nginx
CMS
Drupal
Analytics
  • Google Tag Manager
Fonts
  • Adobe Fonts
Social widgets
  • YouTube Embed

Third-party hosts loaded (3)

  • use.typekit.net×1
  • www.googletagmanager.com×1
  • www.youtube.com×1

Contact

Email

DNS records live

NS
  • ns-cloud-b1.googledomains.com
  • ns-cloud-b2.googledomains.com
  • ns-cloud-b3.googledomains.com
  • ns-cloud-b4.googledomains.com
MX
  • 10 ostral-ch.mail.protection.outlook.com
TXT
  • zwGDDqG14oZ2XK4EA9tOpXJnl/ZWD6pJZ0ypTq7Xt7CxivyGbSQXAp2kT48hQKyTJrXUcHqGdf/9KLreGcZ1A==
Verified for
  • Microsoft 365

Email authentication weak

SPF
v=spf1 include:spf.protection.outlook.com include:spf.amazee.io ip4:83.228.209.244 -all
strict (-all)
DMARC
not published
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC43/qWoGF4E2Gq4dkaaLDCQutHMrQKQXYxabHLth8vynVpiyEtscXzaqYDZExShaYxw6BxVCLGC1XdtnhYh0…
  • selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYnY1h+sR2d60rSmyBaeXfTe4szB6J7aqaoVXkY3bKpsvOt716oZZ4gjSckqpY2r4fOnd9sUYDrK7UO1Egw8…
selectors probed

Certificate (current)

E8
from 2026-04-03 to 2026-07-02
Expires in 29 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.ostral.ch/de

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • weak content type protection
Header values
referrer-policy
no-referrer-when-downgrade
x-frame-options
SAMEORIGIN
permissions-policy
interest-cohort=()
x-content-type-options
nosniff, nosniff
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://js-agent.newrelic.com https://p.typekit.net https://use.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://apis.google.com https://www.gstatic.com https://player.vimeo.com https://cdn.syndication.twimg.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://p.typekit.net https://use.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-ele
strict-transport-security
max-age=31536000; includeSubDomains

Links to (1)

Linked from (1)