safeserver.de
safeserver.de
HTML metadata
Technology
- Server
- nginx
- CMS
- Gatsby
Contact
- Phone
Registration
- Updated
- 2014-03-24
- Name servers
-
- a.ns14.net.
- b.ns14.net.
- c.ns14.net.
- d.ns14.net.
DNS records live
- NS
-
- a.ns14.net
- b.ns14.net
- c.ns14.net
- d.ns14.net
- MX
-
- 10 mail.companyhost.de
- TXT
-
v=DMARC1; p=reject; pct=100
Email authentication strong
- SPF
-
v=spf1 a:mail.companyhost.de include:spf.mx.news-per-mail.de ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=reject; pct=100policy: reject (enforced) - DKIM
- no key found at common selectors
Certificate (current)
E7
Expires in 32 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin- x-frame-options
SAMEORIGIN- permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()- x-content-type-options
nosniff- content-security-policy
default-src 'self' blob: data: https://*.safeserver.de https://*.gzevd.de 'unsafe-inline';font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com;img-src * data: blob: 'self' https://*.safeserver.de blob: 'unsafe-inline'; script-src 'self' https://*.safeserver.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; object-src data: 'unsafe-eval'; frame-ancestors 'self';- strict-transport-security
max-age=31536000; includeSubDomains; preload