recreationcentral.eu
HTML metadata
Technology
- Analytics
-
- Google Tag Manager
- Ads
-
- Meta Pixel
- Fonts
-
- Font Awesome
Third-party hosts loaded (5)
- ajax.googleapis.com×1
- cdnjs.cloudflare.com×1
- connect.facebook.net×1
- use.fontawesome.com×1
- www.googletagmanager.com×1
Social
DNS records live
- NS
-
- ns1.greengeeks.net
- ns2.greengeeks.net
- MX
-
- 0 recreationcentral-eu.mail.protection.outlook.com
- TXT
-
MS=ms57252190google-site-verification=AbsK7vOW48Z0y8d45h7XjWfsmIjt3gVtWeqYBo9JDUc
Email authentication partial
- SPF
-
v=spf1 ip4:96.127.186.146 include:spf.greengeeks.net include:spf.protection.outlook.com -allstrict (-all) - DMARC
- not published
- DKIM
-
- default:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6/2bIelUT61IhtROEO4Cs07wX1fRRM0kGwJ0A+7SzwAo8ZKPjN2CNL5l9s+UrwItcGQtHbFyO3ACe…
selectors probed - default:
Certificate (current)
R13
Expires in 44 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://www.googletagmanager.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com; img-src 'self' data: https:; frame-src https://www.youtube.com https://www.google.com https://maps.google.com; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com;- strict-transport-security
max-age=31536000; includeSubDomains; preload