pericoli-naturali.ch
HTML metadata
Technology
- Server
- nginx
- CMS
- Gatsby
Third-party hosts loaded (4)
- www.dangers-naturels.ch×1
- www.natural-hazards.ch×1
- www.naturgefahren.ch×1
- www.privels-natira.ch×1
Social
DNS records live
- NS
-
- dns1.meteoswiss.ch
- dns2.meteoswiss.ch
- dns3.meteoswiss.ch
- MX
-
- 10 zuemta003.meteoswiss.ch
- TXT
-
_xt7kdpvbvjzwa2hgfvguggj20na2imr_xao5r26ma1mck3tms283fglggl1fime
- Verified for
-
- Microsoft 365
Email authentication weak
- SPF
-
v=spf1 ip4:141.249.133.29 ip4:141.249.133.11 ip4:141.249.133.13 mx ~allsoftfail (~all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current) wrong cert
R12
Expires in 34 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self' blob:;frame-src 'self' meteoschweiz.roundshot.com *.meteoswiss.ch *.youtube.com player.vimeo.com *.admin.ch worldweather.wmo.int *.yumpu.com *.ogd-meteoswiss.ch blob:;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' blob: players.yumpu.com;img-src 'self' https://app-prod-static-crowd.meteoswiss-app.ch blob: data: *.geo.admin.ch api.maptiler.com *.roundshot.com;connect-src 'self' *.geo.admin.ch api.maptiler.com https://app-prod-static-crowd.meteoswiss-app.ch- strict-transport-security
max-age=31536000
Links to (7)
- x.com×1
- threads.com×1
- linkedin.com×1
- instagram.com×1
- facebook.com×1
- bsky.app×1
- admin.ch×1