pensionskasse-der-bewag.de
HTML metadata
Technology
- CDN
- Amazon CloudFront
- Server
- AmazonS3
Third-party hosts loaded (3)
- cdn0.scrvt.com×3
- api.scrivito.com×2
- 3yreteyma0.execute-api.eu-central-1.amazonaws.com×1
Registration
- Updated
- 2025-02-04
- Name servers
-
- ns1.ndc.nuon.com.
- ns1.vattenfall.de.
- ns1.vattenfall.se.
- ns2.ndc.nuon.com.
- ns2.vattenfall.de.
- ns2.vattenfall.se.
DNS records live
- NS
-
- ns1.ndc.nuon.com
- ns1.vattenfall.de
- ns1.vattenfall.se
- ns2.ndc.nuon.com
- ns2.vattenfall.de
- ns2.vattenfall.se
- MX
-
- 10 mx.vattenfall.com
- Verified for
-
- Microsoft 365
Email authentication strong
- SPF
-
v=spf1 include:_spfvfout.vattenfall.com -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com; sp=reject; fo=1; adkim=r; aspf=rpolicy: reject (enforced) · sp=reject - DKIM
- no key found at common selectors
Certificate (current)
Amazon RSA 2048 M01
Expires in 296 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
sameorigin- x-content-type-options
nosniff- content-security-policy
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://d1ncci6mqi.execute-api.eu-central-1.amazonaws.com/dev/submitform https://mr1b3k6pgh.execute-api.eu-central-1.amazonaws.com/dev/submitform; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com- strict-transport-security
max-age=63072000; includeSubDomains; preload