romet.pl
HTML metadata
Technology
- Analytics
-
- Google Tag Manager
- Cookie consent
-
- Cookiebot
Third-party hosts loaded (3)
- cdn.thulium.com×2
- consent.cookiebot.com×2
- www.googletagmanager.com×1
DNS records live
- NS
-
- ns1.tld.pl
- ns2.tld.pl
- MX
-
- 1 romet-pl.mail.protection.outlook.com
- TXT
-
ppe-6933c49214c566a1d76f99b48e2b9101696992aeeff4643fcb3579b11e1a265862f8b73a960c5ea35ce76d92c0ab08577b7d14b
- Verified for
-
- Microsoft 365
Email authentication partial
- SPF
-
v=spf1 include:spf.protection.outlook.com -allstrict (-all) - DMARC
-
v=DMARC1; p=none;policy: none (monitoring only) - DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 75 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- permissions-policy
autoplay=(self), fullscreen=(self), geolocation=(self), payment=(self)- x-content-type-options
nosniff- content-security-policy
script-src 'self' http: https: https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' blob: https: 'unsafe-inline'; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com data:; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com www.googletagmanager.com consentcdn.cookiebot.com https://bid.g.doubleclick.net https://td.doubleclick.net romet.user.com- strict-transport-security
max-age=31536000; includeSubDomains; preload- cross-origin-resource-policy
cross-origin