indexo.dev

ovb.cz

.cz crawl

First seen 2026-05-31 · Last seen 2026-06-03 · ok HTTP/1.1 200 921 ms crawled 2026-06-01

DE · 192.109.14.226 · AS24861 SITS Deutschland GmbH

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
OVB Allfinanz, a.s. ČR
Description
Ať už se jedná o investice, úvěry, pojištění nebo zabezpečení na stáří, jsme pro Vás dlouhodobým partnerem. Kontaktujte nás a zjistěte více!
Language
cs-CZ
Generator
TYPO3 CMS
Canonical
https://www.ovb.cz/

Technology

Server
Apache
jQuery
1.10.2 known XSS (<3.5)

Social

Contact

Email
Phone
Address
V Parku 2343/24, 148 00, Praha 4 – Chodov, Praha 4-Chodov, CZ

DNS records live

NS
  • ns1.ignum.com
  • ns2.ignum.cz
MX
  • 10 ovb-cz.mail.protection.outlook.com
TXT
Show 5 TXT records
  • _e78zq3nzc1dtn2f8t38ynxhojtm9gvh
  • mq4b9ztg3pqlbmlz6f0d2sys6jkz58g6
  • tf52fmxsjkzg73w5wtgqg8swqyc8d8jb
  • ogOQONtkNbzp29OVLtIdeeWB6l8SSGYFv9y581It702IZJOuzXKpx2ibVF3mPXw2sAOwB1YPvPqPfzI2OWqidQ==
  • 133-c3k-935
Verified for
  • Apple
  • Zoom

Email authentication partial

SPF
v=spf1 include:spf.protection.outlook.com include:servers.mcsv.net ip4:192.109.14.200/32 ip4:185.119.216.176/32 include:spf.smartemailing.cz include:news.ovb.email include:spf.flowmailer.net ~all
softfail (~all)
DMARC
v=DMARC1; p=none; rua=mailto:dmarc_agg@vali.email;
policy: none (monitoring only)
DKIM
  • selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/FcftuEOn/KBw0+KP9eIhOF/Mlx6zPR0lWWP6kcoSioUqzAoELFF0gHOs9h8hAuqtZriM2GjFmorzmgKk9q…
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
selectors probed

Certificate (current)

Thawte TLS RSA CA G1
from 2026-04-15 to 2026-10-31
Expires in 148 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.ovb.cz/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
sameorigin
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'nonce-6AsbqpWaYd21viMeOl0maw1wMwFLXoCUvzoRTV-xvTMJ9FPK1eoJQg' https://*.googleapis.com https://jawj.github.io https://cdn.jsdelivr.net 'sha256-3bzWVxQE32IZQKH9eh8KzyHuhXOlMrboDVVBRd0fWTU=' 'wasm-unsafe-eval' 'sha256-Uj/v88tG3kktFGTzlVxe8oOKd3rg17YwEeVwFtPNtvE=' 'sha256-pfixIGc8rh/hm4xiRYqTpHN24rP5HFVHwo8hte5EgzY=' 'sha256-jT5sGWQmoSPNyLNtSXFAaRSLGlWV8E1yUrcPfxQ6y2Q=' 'sha256-abPq+DkEHMZiz/7e0xgxn09M+2bNYLByVVJlqlWRMR8=' 'sha256-qk7Y7QUzWPp+l/7i4Yna2mjoTNG6hcmrppqgvTyOzjY=' https://www.ovb.cz 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.de https://stats.g.doubleclick.net; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.google.com *.frcapi.com https://*.googletagmanager.com; style-src-e
strict-transport-security
max-age=31536000; includeSubDomains

Links to (6)

Linked from (2)