penny.at

HTML metadata

Technology

Server

istio-envoy

CMS

Nuxt

Cookie consent

• OneTrust

Third-party hosts loaded (4)

• assets-eu-01.kc-usercontent.com×53
• assets.adobedtm.com×1
• cdn.cookielaw.org×1
• images.cdn.europe-west1.gcp.commercetools.com×1

Social

• facebook
• instagram
• youtube
• linkedin

DNS records live

NS

• ns-cloud-e1.googledomains.com
• ns-cloud-e2.googledomains.com
• ns-cloud-e3.googledomains.com
• ns-cloud-e4.googledomains.com

MX

• 10 mxa-009d0501.gslb.pphosted.com
• 10 mxb-009d0501.gslb.pphosted.com

TXT

Show 4 TXT records

• OnRSJ8g7ELh+LLNNOYsauklh2zlyqvTMiXs/yvVsyIm7t2SagTqk0CrOHiJKGur4suLNEtOKqKRw8bPnNNfhDA==
• ciscocidomainverification=2fea04c6cad98af6fcea45c442bb419188b0873fbbd13e796cf79cb98fa3a604
• 7o0vct1n8ikor9btcqf8nrt82m
• JfzjJOh8gbhRdmp3hio74CYEFCLfGu5QD2+aEZ1EY/cSqTFVb3AnBvNr/VoA3dAgNgqNvMpMDKVCcR192v1ylQ==

Verified for

• Atlassian
• Google
• Google Workspace
• Microsoft 365
• Miro

Email authentication partial

SPF

v=spf1 include:spf-009d0501.pphosted.com include:elaine-asp.de include:spf.protection.outlook.com include:spf.rewe-group.at include:spf.eu.odmad.quest-on-demand.com -all

strict (-all)

DMARC

v=DMARC1; p=none; sp=none; rua=mailto:dmarc_reports@rewe-group.at;

policy: none (monitoring only) · sp=none

DKIM

no key found at common selectors

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://www.penny.at/

present

• strict-transport-security
• content-security-policy
• x-frame-options
• x-content-type-options
• referrer-policy
• permissions-policy
• cross-origin-opener-policy
• cross-origin-resource-policy

findings

• CSP allows unsafe inline scripts/styles

Links to (8)

• apple.com×1
• facebook.com×1
• google.com×1
• instagram.com×1
• issuu.com×1
• linkedin.com×1
• rewe-group.at×1
• youtube.com×1

Linked from (2)

• brajlovic.at×1
• lehrlingspower.at×1