salzhaus.ch
salzhaus.ch
HTML metadata
Technology
- Server
- nginx
- CMS
- Joomla 2.8.3
DNS records live
- NS
-
- ch.pro.io
- nl.pro.io
- p.dnh.net
- MX
-
- 0 salzhaus-ch.mail.protection.outlook.com
- Verified for
-
- Microsoft 365
Email authentication weak
- SPF
-
v=spf1 ip4:81.62.168.194 include:spf.protection.outlook.com include:_spf.sui-inter.net +mx +a -allstrict (-all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 69 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing content type protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- content-security-policy
default-src 'self' https://www.webzen.com/__WebZen__/; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.webzen.com/__WebZen__/ *.gstatic.com *.google.com *.googleapis.com; style-src 'self' 'unsafe-inline' https://www.webzen.com/__WebZen__/; img-src 'self' https://www.webzen.com/__WebZen__/ data:; font-src 'self' https://www.webzen.com/__WebZen__/ data:; object-src 'self' https://www.webzen.com/__WebZen__/; worker-src 'self' https://www.webzen.com/__WebZen__/ blob:; connect-src 'self' https://www.webzen.com/__WebZen__/; child-src 'self' https://www.webzen.com/__WebZen__/ *.youtube.com *.vimeo.com *.spotify.com *.google.com *.gstatic.com *.googleapis.com *.soundcloud.com *.tiktok.com; frame-ancestors 'self' https://www.webzen.com/__WebZen__/; upgrade-insecure-requests; report-uri https://www.webzen.com/__WebZen__/webzen/api/CMS/csp_log.php- strict-transport-security
max-age=31536000; includeSubdomains