palazzo.org

.org crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 1160 ms crawled 2026-05-18

DE · 31.172.113.2 · AS60955 Wavecon GmbH

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: PALAZZO Website
Language: de

Technology

Server: nginx

Analytics

Google Tag Manager

Third-party hosts loaded (2)

unpkg.com×2
www.googletagmanager.com×1

Registration

Registrar

InterNetX GmbH

Created

2001-08-30

Expires

2026-08-30 102 days left

Updated

2025-11-04

Name servers

ns7.wavedns.org
ns1.wavedns.de
ns2.wavedns.de
ns6.wavedns.com

DNS records live

NS

ns1.wavedns.de
ns2.wavedns.de
ns6.wavedns.com
ns7.wavedns.org

MX

0 palazzo-org.mail.protection.outlook.com

TXT

Show 7 TXT records

202106281943011gn3c8zshx02b6xerw5lhbgknzjy3wx55z02wqv48eagid7wbk
apple-domain-verification=hQ9OsPTg23l1ICOn
202006031901204bu0evbtpi9qbv54owkpb6z8oc04hbp9bfkiezf5l5vf6y0l86
MS=ms94674008
x11ly4wywtyx13v5mt0lbzt6pz0sh6fk
openai-domain-verification=dv-ZaBDd2OeaLAOz68BVp5IRuom
brevo-code:adc785baa46440d233b6ce74fc1532d8

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com include:spf.crsend.com ip4:185.22.221.9 ip4:31.172.113.2  ip4:185.22.221.21 ip4:194.49.92.240 a:mx4.eventim.de ~all

softfail (~all)

DMARC

v=DMARC1; p=none; rua=mailto:dmarc@palazzo.org,mailto:rua@dmarc.brevo.com

policy: none (monitoring only)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKKbAMgQrBsvjaLEB/rNAtfZx2RnLUQlSaGaV8w9lNsx6zRycRhCYh/xkSllI8nN5ZhO91gEy2WPE9…
selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqq8OBkem3MYfyia/WOnuyRvGmjszy3Oleo+4Bm+yW8fGIYDN+66kqZBHld1vvtaUsADJWT2qAG9jva…

selectors probed

Certificate (current)

R12

from 2026-04-20 to 2026-07-19

Expires in 61 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.palazzo.org/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: sameorigin
x-content-type-options: nosniff
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://connect.facebook.net https://*.doubleclick.net https://www.google.com https://cdnjs.cloudflare.com https://script.crazyegg.com https://s3.amazonaws.com/trk.cetrk.com/7/t.js https://cookiepro.blob.core.windows.net https://code.jquery.com https://cookie-cdn.cookiepro.com https://unpkg.com/friendly-challenge@0.9.4/ https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cookiepro.blob.core.windows.net https://cookie-cdn.cookiepro.com https://www.youtube-nocookie.com; font-src 'self' data: http://localhost:60281; img-src 'self' data: blob: https://*; frame-src 'self' https://www.oeticket.com https://shop.palazzo.org https://palazzo.palboo.de http://palazzo.palboo.de http://palazzo-dinnershow.tickettoaster.de https://palazzo-dinnershow.tickettoaster.de https://www.e
strict-transport-security: max-age=63072000; includeSubdomains; preload

Linked from (2)

fkpscorpio.com×4
wasen.de×2