puzzle.ch
HTML metadata
Technology
- Server
- nginx
- CMS
- WordPress
Third-party hosts loaded (3)
- maps.googleapis.com×2
- www.google.com×2
- s3.amazonaws.com×1
Social
Contact
DNS records live
- NS
-
- ns1.dnsimple.com
- ns2.dnsimple.com
- ns3.dnsimple.com
- ns4.dnsimple.com
- sec1.rcode0.net
- sec2.rcode0.net
- MX
-
- 10 mx03.puzzle.ch
- 10 mx04.puzzle.ch
- TXT
-
Show 4 TXT records
google-site-verification=rXYTEToVuPnxDq-gvLJ7EjORGr6jEDVtEVRZQUAyrlEgoogle-site-verification=wjzhhca4ffb_sgysdzop-enctq-cqahhhxhg0qksslsbw=7XKswPGkECaggytXd6jAnE6vSlfqEu1oGovbFbp5fnWTgoogle-site-verification=nfzmGUmaoJG2p5ZHNoMFxL6F1wtWNSl2_k6cNfyIUcU
Email authentication strong
- SPF
-
v=spf1 mx include:_spf.puzzle.ch include:_spf.google.com include:servers.mcsv.net ~allsoftfail (~all) - DMARC
-
v=DMARC1;p=reject;sp=reject;adkim=r;aspf=r;rua=mailto:dmarc@g82152ty.uriports.com;ruf=mailto:dmarc@puzzle.ch;rf=afrf;fo=1policy: reject (enforced) · sp=reject - DKIM
-
- google:
v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGn/Fcj7YFyYFzjYev/WYEiMsrvfNN3RtqcGKtCiixAPez5NT7rJr0I19h3rADZgic5nrwEc+G83CckF… - k1:
k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
selectors probed - google:
Certificate (current)
E8
Expires in 82 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin, no-referrer-when-downgrade- x-frame-options
SAMEORIGIN- permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(self), battery=(), camera=(self), display-capture=(self), document-domain=(self), fullscreen=(self), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(self), midi=(), payment=(), picture-in-picture=(self), usb=(), web-share=(self)- x-content-type-options
nosniff- content-security-policy
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com https://matomo.puzzle.ch https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://fonts.googleapis.com https://www.youtube.com https://puzzle.us13.list-manage.com https://yoast.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https: data: https://fonts.gstatic.com- strict-transport-security
max-age=31536000; includeSubDomains
Links to (50)
- acrevis.ch×1
- adcubum.com×1
- admin.ch×1
- akb.ch×1
- amazon.com×1
- android.com×1
- angular.dev×1
- ansible.com×1
- apache.org×1
- apple.com×1
- appuio.ch×1
- backstage.io×1
- be.ch×1
- bedag.ch×1
- bern.ch×1
- bernmobil.ch×1
- bfh.ch×1
- bls.ch×1
- buildah.io×1
- buildpacks.io×1
- centrisag.ch×1
- cilium.io×1
- circleci.com×1
- crossplane.io×1
- cypress.io×1
- dagger.io×1
- dependencytrack.org×1
- docker.com×1
- elastic.co×1
- flughafen-zuerich.ch×1
- fluxcd.io×1
- fmh.ch×1
- gerichte-zh.ch×1
- getbootstrap.com×1
- getclair.com×1
- git-scm.com×1
- github.com×1
- github.io×1
- gitlab.com×1
- glauxgroup.ch×1
- gluster.org×1
- gnu.org×1
- go.dev×1
- goharbor.io×1
- google.com×1
- gradio.app×1
- grafana.com×1
- graphql.org×1
- haproxy.org×1
- helsana.ch×1