rikorda.it

HTML metadata

Title: Rikorda: Stampa le tue Foto e tuoi prodotti fotografici online!
Description: Stampa le tue Foto con Rikorda! Scopri tutte le offerte ed i prodotti: fotolibri, calendari, fotoregali, stampe, foto con quadri e stampa digitale. Online e su App!
Language: it
Canonical: https://www.rikorda.it/

Technology

Server: Apache
CMS: Gatsby

Analytics

Google Tag Manager

Cookie consent

Iubenda

Third-party hosts loaded (7)

rikorda.b-cdn.net×86
widget.zoorate.com×3
widget.feedaty.com×2
accounts.google.com×1
cdn.iubenda.com×1
static.criteo.net×1
www.googletagmanager.com×1

Social

Contact

Email

Phone

01931960064

DNS records live

NS

dnsfc1.interbusiness.it
dnsfc2.interbusiness.it

MX

1 aspmx.l.google.com
10 aspmx2.googlemail.com
10 aspmx3.googlemail.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

Email authentication partial

SPF: v=spf1 ip4:213.92.101.96/28 a:ammin.fototaxi.it include:_spf.google.com include:t.contactlab.it include:feedaty.com include:mail.zendesk.com ~all
softfail (~all)
DMARC: v=DMARC1; p=none; rua=mailto:sviluppo@rikorda.it; ruf=mailto:sviluppo@rikorda.it; fo=1
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

DigiCert Global G2 TLS RSA SHA256 2020 CA1

from 2026-03-12 to 2026-09-27

Expires in 116 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://www.rikorda.it/

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-frame-options
x-content-type-options
referrer-policy

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
weak content type protection
missing Permissions Policy

Header values

referrer-policy: no-referrer-when-downgrade
x-frame-options: SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
content-security-policy: DEFAULT-SRC 'self' blob: rikorda.it *.rikorda.it; SCRIPT-SRC 'self' 'unsafe-inline' 'unsafe-eval' blob: rikorda.it *.rikorda.it *.sentry-cdn.com *.iubenda.com *.criteo.net *.criteo.com *.zoorate.com *.feedaty.com *.zdassets.com *.zendesk.com *.zopim.com zendesk-eu.my.sentry.io *.addtoany.com *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com www.googleadservices.com *.doubleclick.net *.clerk.io *.facebook.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com *.b-cdn.net s.pinimg.com www.youtube.com *.magentocommerce.com *.tradedoubler.com a.imgstatics.com *.newrelic.com *.pinterest.com; STYLE-SRC 'self' 'unsafe-inline' rikorda.it *.rikorda.it *.zoorate.com *.googleapis.com *.feedaty.com assets.braintreegateway.com rikorda.b-cdn.net *.google.com; CONNECT-SRC 'self' blob: rikorda.it *.rikorda.it *.rikordadev.it rikorda.zendesk.com wss://*.zopim.com wss://*.zendesk.com ekr.zdassets.com *.iubenda.com *.criteo.com *.doubleclick.net
strict-transport-security: max-age=300; includeSubdomains
content-security-policy-report-only: font-src *.fontawesome.com *.magentocommerce.com *.iubenda.com *.zopim.com data: *.b-cdn.net fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.paym