ovb.es

.es crawl

First seen 2026-04-13 · Last seen 2026-05-13 · ok HTTP/1.1 200 593 ms crawled 2026-05-06

DE · 192.109.14.226 · AS24861 SITS Deutschland GmbH

Reputation 100/100

Classifying

HTML metadata

Title: OVB Allfinanz España S.A.
Description: Ya sean pensiones, protección o la estrategia adecuada para un futuro financiero tranquilo, estamos a tu lado cuando se trata de estas cuestiones. ¡Queremos ser tu consultoría financiera!
Language: es-ES
Generator: TYPO3 CMS
Canonical: https://www.ovb.es/

Technology

Server: Apache

Social

Contact

Phone

+34914471028

Address

Pza. Manuel Gómez Moreno, 2 8ªA28020

DNS records live

NS

ns-1185.awsdns-20.org
ns-1780.awsdns-30.co.uk
ns-567.awsdns-06.net
ns-75.awsdns-09.com

MX

10 mail.ovb.es

TXT

Show 8 TXT records

ZOOM_verify_H-GxSDCNS6yljGnk1jGorw
adobe-idp-site-verification=58a6a242b5732d60acc8b09549a4234d1fe09da59a22dd6dff4b3ea4b6bf4867
google-site-verification=JRQZrGVLY8cx0E65XPQIILLgwQ0819faEK3NGyn9qBc
google-site-verification=s6QwZzLLzP9-CGF5LqCi_cXSUlMY_HXxL7dJQnr9pXA
j9k5j13zr013lbkv2fmzjd3pv6t7k1jv
pw4h1k8fkcxc9qmknqrbxj7b1gts3wl0
yj58fgf047b2r6zn7ksjswnp844p4lg7
yzt5v80h23pwkc92kllqbyyq9s3yhwhy

Email authentication strong

SPF: v=spf1 mx include:icw.ovb.email include:news.ovb.email include:spf.ipzmarketing.com include:spf.flowmailer.net include:emsd1.com -all
strict (-all)
DMARC: v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@ovb-mail.eu; fo=1
policy: reject (enforced)
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-03-25 to 2026-06-23

Expires in 35 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.ovb.es/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: sameorigin
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'nonce-SUKTjcpAzjZv55zRG5oDGcxd7_lFTftdM1Q1DpqcQQ94SUej8azkiA' https://*.googleapis.com https://jawj.github.io https://cdn.jsdelivr.net 'sha256-3bzWVxQE32IZQKH9eh8KzyHuhXOlMrboDVVBRd0fWTU=' 'wasm-unsafe-eval' 'sha256-Uj/v88tG3kktFGTzlVxe8oOKd3rg17YwEeVwFtPNtvE=' 'sha256-TxVth7pFV2lTLaQUkK4uI0PZnuK0K8Xzqq7zYMHsjvc=' 'sha256-2E8hAf8GgEC/tzSSyZm7bQBuQ/ZUtbNG7FGn6f4dhkc=' 'sha256-abPq+DkEHMZiz/7e0xgxn09M+2bNYLByVVJlqlWRMR8=' 'sha256-BPEkYaj2VJSA0iJkTt2bomOjbP3NqpcEqJ6b0nWQDm4=' https://*.googletagmanager.com https://*.facebook.net https://www.ovb.es 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://*.facebook.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.google.com *.frcapi.com https://youtube.com https://*.googletagmanager.com; style-src-elem 'self' 'nonce
strict-transport-security: max-age=31536000; includeSubDomains