payone.com
HTML metadata
Technology
- CDN
- Amazon CloudFront
- CMS
- Nuxt
Third-party hosts loaded (1)
- widget.moin.ai×1
Social
Contact
- Address
- Lyoner Straße 15, 60528, Frankfurt am Main, DE
Registration
- Registrar
- CSC Corporate Domains, Inc.
- Created
- 1998-10-02
- Expires
- 2026-10-01 134 days left
- Updated
- 2025-09-27
- Name servers
-
- ns-cloud-a1.googledomains.com
- ns-cloud-a2.googledomains.com
- ns-cloud-a3.googledomains.com
- ns-cloud-a4.googledomains.com
DNS records live
- NS
-
- ns-cloud-a1.googledomains.com
- ns-cloud-a2.googledomains.com
- ns-cloud-a3.googledomains.com
- ns-cloud-a4.googledomains.com
- MX
-
- 10 mx1.payone.com
- 10 mx2.payone.com
- TXT
-
Show 9 TXT records
canva-site-verification=VOBY4CAY6ik36NChA8aNEQ8fws4s81122dfsxlcpvxkdrxysk6fzhymiro-verification=9a18503a11acd467a6176c2fe5eb1c8b61d34966cisco-ci-domain-verification=57e3d0a4d160f89f557fe5d399b69dc54ec6be2d87e3f3f92dea807aa2352280google-site-verification=S-dCI9DFsYGOHYiDLZ3bHFnwnXMb9hw3gLFm5okw5XIswisssign-check=I8WqDDTy8dfADZoFf6qgHT58UyUapple-domain-verification=B4n5NPkDtSEiA5YcMS=ms64519113MS=ms66260373
Email authentication partial
- SPF
-
v=spf1 a mx include:spfextend.payone.com include:_spf.services.ingenico.com include:_spf.salesforce.com include:amazonses.com include:_spf.senders.scnem.com ip4:45.143.177.14 ip4:45.143.177.15 ip4:18.195.170.81/32 ip4:82.97.146.0/23 ~allsoftfail (~all) - DMARC
-
v=DMARC1;p=none;sp=none;pct=100;rua=mailto:iej4eobm@ag.eu.dmarcadvisor.com;ri=86400;aspf=r;adkim=r;fo=1policy: none (monitoring only) · sp=none - DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvs/Di38iMnRgZtXd8DvgQDb6BCF8RGaRvTFqIeJlAJtZMBhKmUblp8by42j2s582WjZ/t/Hr4KK9BM…
selectors probed - selector1:
Certificate (current)
WR3
Expires in 82 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
no-referrer- x-frame-options
SAMEORIGIN- permissions-policy
camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=()- x-content-type-options
nosniff- content-security-policy
base-uri 'none'; font-src 'self' data: https://*.moin.ai https://payone-static.s3.eu-central-1.amazonaws.com; form-action 'self'; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https://*.payone.com https://a.storyblok.com https://*.usercentrics.eu https://bat.bing.com https://*.doubleclick.net https://*.moin.ai https://*.facebook.com https://www.google.de https://*.google.com; object-src 'none'; script-src-attr 'unsafe-hashes' 'sha256-qOBd84dGYZ1TXAj+NIqiwfe6+6cjjOJx8QNDBdoNQyM='; style-src 'self' https: 'unsafe-inline'; script-src 'self' https://bat.bing.com https://ad4m.at https://connect.facebook.net https://sswt.payone.com https://unpkg.com https://*.usercentrics.eu https://*.moin.ai https://*.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com 'unsafe-inline' 'strict-dynamic' 'unsafe-eval' 'nonce-vdgaGWBRF7YBu81zQI1I6N9P'; upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://*.moin.ai wss://*.moin.ai h- strict-transport-security
max-age=15552000; includeSubDomains- cross-origin-opener-policy
same-origin- cross-origin-resource-policy
same-origin
Links to (6)
- facebook.com×3
- instagram.com×3
- linkedin.com×3
- onetrust.com×3
- xing.com×3
- youtube.com×3