power-gmbh.de
HTML metadata
Technology
- Server
- nginx
Third-party hosts loaded (3)
- cdn.jsdelivr.net×2
- code.jquery.com×1
- stackpath.bootstrapcdn.com×1
Registration
- Updated
- 2026-03-10
- Name servers
-
- dns01-tld.t-online.de.
- dns02-tld.t-online.de.
DNS records live
- NS
-
- dns01-tld.t-online.de
- dns02-tld.t-online.de
- MX
-
- 10 smtp-01.tld.t-online.de
- 10 smtp-02.tld.t-online.de
Email authentication weak
- SPF
-
v=spf1 include:_spf.hier-im-netz.de ~allsoftfail (~all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 85 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self'; font-src 'self' https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/bootstrap-icons@1.3.0/font/fonts/bootstrap-icons.woff?4601c71fb26c9277391ec80789bfde9c; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com; img-src data: 'self' https://img.youtube.com; style-src 'self' 'unsafe-inline' https://code.jquery.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; child-src 'self' https://www.youtube-nocookie.com; base-uri 'self'; object-src 'self' data:; form-action 'self'; frame-ancestors 'self';- strict-transport-security
max-age=15768000; includeSubDomains, max-age=63072000; includeSubDomains; preload