qaware.de
HTML metadata
Technology
- CDN
- Cloudflare
- CMS
- WordPress
- Analytics
-
- Google Tag Manager
- Cookie consent
-
- Cookiebot
Third-party hosts loaded (7)
- cdn.jsdelivr.net×2
- unpkg.com×2
- cdn2.hubspot.net×1
- consent.cookiebot.com×1
- js.hs-analytics.net×1
- js.hs-banner.com×1
- www.googletagmanager.com×1
Social
Contact
- Phone
Registration
- Updated
- 2018-05-03
- Name servers
-
- docks07.rzone.de.
- shades14.rzone.de.
DNS records live
- NS
-
- docks07.rzone.de
- shades14.rzone.de
- MX
-
- 10 aspmx.l.google.com
- 20 alt1.aspmx.l.google.com
- TXT
-
google-site-verification=23ZA6wrpZd_qwGatz2akXLeS-MQk6t6I2YqImomBeWQgoogle-site-verification=uhM8-_rW2yO2yqseOv7O9GERsgKC4p9mRPQuplTCYV4
Email authentication strong
- SPF
-
v=spf1 include:_spf.google.com include:spf.sendinblue.com include:144685037.spf02.hubspotemail.net mx -allstrict (-all) - DMARC
-
v=DMARC1; p=quarantine;policy: quarantine - DKIM
-
- google:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhaJEBOfiXeUAQywWBm4dRFZ+QgL0R/2nusVrGGGbWT5jOPpWedv/D9rWJdiUDuD/NAJRGAJA/jPfDi… - smtpapi:
k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76…
selectors probed - google:
Certificate (current)
E8
Expires in 73 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- content-security-policy-report-only
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-content-type-options
nosniff- content-security-policy
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'strict-dynamic' *.hscta.net *.hubspot.com *.hsappstatic.net *.hs-banner.com *.hs-analytics.net *.hubapi.com consent.cookiebot.com consentcdn.cookiebot.com www.google.com *.personio.de 'nonce-YFVdW8fN4YVOrjGQL1aoHw=='; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.hsappstatic.net *.hubspotusercontent-eu1.net *.hubspotusercontent-na2.net *.hubspot.net cdn.jsdelivr.net cdnjs.cloudflare.com *.personio.de; font-src 'self' data: *.hubspotusercontent-eu1.net *.hubspotusercontent-na2.net *.hsappstatic.net fonts.gstatic.com *.personio.de; img-src 'self' data: blob: *.hscta.net *.hubspot.com *.hubspotusercontent-eu1.net *.hubspotusercontent-na2.net *.hsforms.com *.hsappstatic.net *.hubspot.net *.googletagmanager.com *.personio.de; object-src 'none'; base-uri 'self' *.personio.de; frame-ancestors 'self' *.qaware.de; frame-src 'self' *.hubspot.com *.hs-sites.com *.hs-sites-eu1.com *.hubspotvideo.com *.hsforms.c- strict-transport-security
max-age=31536000; includeSubDomains- content-security-policy-report-only
default-src 'none'; script-src 'self' 'strict-dynamic' *.hscta.net *.hubspot.com *.hsappstatic.net *.hs-banner.com *.hs-analytics.net *.hubapi.com consent.cookiebot.com consentcdn.cookiebot.com www.google.com *.personio.de 'nonce-YFVdW8fN4YVOrjGQL1aoHw=='; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.hsappstatic.net *.hubspotusercontent-eu1.net *.hubspotusercontent-na2.net *.hubspot.net cdn.jsdelivr.net cdnjs.cloudflare.com *.personio.de; font-src 'self' data: *.hubspotusercontent-eu1.net *.hubspotusercontent-na2.net *.hsappstatic.net fonts.gstatic.com *.personio.de; img-src 'self' data: blob: *.hscta.net *.hubspot.com *.hubspotusercontent-eu1.net *.hubspotusercontent-na2.net *.hsforms.com *.hsappstatic.net *.hubspot.net *.googletagmanager.com *.personio.de; object-src 'none'; base-uri 'self' *.personio.de; frame-ancestors 'self' *.qaware.de; frame-src 'self' *.hubspot.com *.hs-sites.com *.hs-sites-eu1.com *.hubspotvideo.com *.hsforms.com consentcdn.cookiebot.com