indexo.dev

qr-cube.ch

.ch crawl

First seen 2026-05-31 · Last seen 2026-05-31 · ok HTTP/1.1 200 370 ms crawled 2026-06-01

CH · 217.26.53.213 · AS29097 Hostpoint AG

Reputation 92/100 spf without fallback

sector travel type ecommerce

HTML metadata

Title
QR-Cube | Holzwürfel mit QR-Codes für Ferienunterkünfte
Description
Der QR-Cube ist der smarte Info-Würfel der WLAN, Tipps & Infos via QR-Code elegant vereint. Ideal für Ferienwohnungen, Chalets & Aparthotels.
Language
de-ch
Generator
Joomla! - Open Source Content Management
Translations
  • de

Open Graph

url
https://qr-cube.ch/
title
QR-Cube | Holzwürfel mit QR-Codes für Ferienunterkünfte
description
Der QR-Cube ist der smarte Info-Würfel der WLAN, Tipps & Infos via QR-Code elegant vereint. Ideal für Ferienwohnungen, Chalets & Aparthotels.

Technology

Server
Apache
CMS
Joomla
Analytics
  • Google Tag Manager

Third-party hosts loaded (2)

  • www.googletagmanager.com×2
  • www.facebook.com×1

Social

Contact

Email
Phone

DNS records live

NS
  • ns.hostpoint.ch
  • ns2.hostpoint.ch
  • ns3.hostpoint.ch
MX
  • 10 mx1.mail.hostpoint.ch
  • 10 mx2.mail.hostpoint.ch
TXT
  • seobility=b69b4be160cc6106f240def5d96a0fee
Verified for
  • Google
  • Pinterest
  • Stripe

Email authentication strong

SPF
v=spf1 redirect=spf.mail.hostpoint.ch
missing all
DMARC
v=DMARC1; p=quarantine;
policy: quarantine
DKIM
no key found at common selectors

Certificate (current)

R13
from 2026-04-07 to 2026-07-06
Expires in 33 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://qr-cube.ch/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), autoplay=(), camera=(), clipboard-read=(), clipboard-write=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(self "https://js.stripe.com"), picture-in-picture=(), publickey-credentials-get=(), usb=(), xr-spatial-tracking=()
x-content-type-options
nosniff
content-security-policy
default-src 'self' https: data: blob:; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' https:; img-src 'self' https: data: blob:; font-src 'self' https: data: https://fonts.gstatic.com https://*.fontawesome.com https://ka-f.fontawesome.com; style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com https://*.fontawesome.com https://elfsight.com https://*.elfsight.com https://elfsightcdn.com https://*.elfsightcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://embed.typeform.com https://*.typeform.com https://js.stripe.com https://*.js.stripe.com https://elfsight.com https://*.elfsight.com https://elfsightcdn.com https://*.elfsightcdn.com https://kit.fontawesome.com https://*.fontawesome.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com; connect-src 'self' https: wss: https://api.typeform.com https://*.typeform.com https://api.stripe.com https://m.stripe.network https://m.stripe.com htt
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy
same-origin

Links to (4)

Linked from (1)