indexo.dev

provincia.bz.it

.it crawl

First seen 2026-05-11 · Last seen 2026-05-20 · ok HTTP/1.1 200 10212 ms crawled 2026-05-16

US · 150.171.109.34 · AS8075 Microsoft Corporation

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Language
de

Technology

CDN
Azure Front Door

Third-party hosts loaded (1)

  • static.provinz.bz.it×1

DNS records live

NS
  • ns1-03.azure-dns.com
  • ns2-03.azure-dns.net
  • ns3-03.azure-dns.org
  • ns4-03.azure-dns.info
MX
  • 0 mx07-0067de01.pphosted.com
  • 0 mx08-0067de01.pphosted.com
TXT
  • m8hkn31nca1de5qj1cugjbotv
  • plMvoXUJQ6mgO9vvUeoKPh2NLSghbiIpXI3p/jjHApZ2P8xuoTVGN/oZMawtXcHt5Oid5ZvQwJmlLJ+VLLIW8Q==
Verified for
  • Brevo
  • Google
  • Loader.io
  • Microsoft 365

Email authentication partial

SPF
v=spf1 include:spf.protection.outlook.com include:servers.mcsv.net include:spf.sendinblue.com include:_spf-dc2.successfactors.com ip4:54.229.2.165 ip4:52.30.130.201 ip4:62.101.0.0/21 ip4:62.101.8.0/21 ip4:62.101.1.0/24 -all
strict (-all)
DMARC
v=DMARC1; p=none; pct=100; rua=mailto:dmarc@siag.it; ruf=mailto:dmarc@siag.it; fo=1
policy: none (monitoring only)
DKIM
Show 4 DKIM selectors
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hX2k1d02RItstAOPpiCjJH0ADHFnRthVsPxTdoDUir018UF3qVbMEDmgFwllTEDBMBNOW0LKqBnKl…
  • selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAl6IF67PJp5ZeZ44EAScxIn910wZDLssXyS14476KyFIzJa2bOXX68wgKep2OaXuGC11jxRhD9aTAogRTqg…
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
  • mail: k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…
selectors probed

Certificate (current)

GeoTrust TLS RSA CA G1
from 2026-02-02 to 2026-08-03
Expires in 74 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://home.provincia.bz.it/it

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
camera=(), payment=(), usb=()
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://deliver.kontent.ai https://assets-eu-01.kc-usercontent.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://*.googleapis.com https://*.google.com https://*.vimeo.com https://*.facebook.net https://*.siteimprove.com https://*.siteimprove.net https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://siag.form.cloud https://fonts.gstatic.com https://cdn.knightlab.com https://siagsap4pab.prod.apimanagement.eu20.hana.ondemand.com https://api.demo-integrations.services.siag.it https://api-integrations.services.siag.it https://api.integrations.services.siag.it https://sis.prod.apimanagement.eu20.hana.ondemand.com https://redas.services.siag.it https://mycivis.civis.bz.it https://static.provinz.bz.it https://www.openstreetmap.org https://*.iubenda.
strict-transport-security
max-age=15768000
cross-origin-opener-policy
same-origin-allow-popups

Linked from (6)