sanroque.es
HTML metadata
Technology
- Server
- nginx
- CMS
- Drupal
Third-party hosts loaded (2)
- ajax.googleapis.com×1
- maps.google.com×1
Contact
- Phone
DNS records live
- NS
-
- ns1.sanroque.es
- ns2.sanroque.es
- MX
-
- 10 mx1-eu1.ppe-hosted.com
- 10 mx2-eu1.ppe-hosted.com
- TXT
-
ppe-11a9b686f5d6459f01c536ad3adf720dd863d7103600
Email authentication partial
- SPF
-
v=spf1 include:_spf-eu.ppe-hosted.com ip4:62.82.131.178 ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=none;rua=mailto:cpd.dmarc@sanroque.es; ruf=mailto:cpd.dmarc@sanroque.es; fo=1policy: none (monitoring only) - DKIM
- no key found at common selectors
Certificate (current)
Sectigo RSA Domain Validation Secure Server CA
Expires in 23 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
no-referrer- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.todostreaming.es multimediasanroque.com *.googleapis.com *.google.com www.google-analytics.com *.doubleclick.net *.sharethis.com connect.facebook.net *.foursquare.com; object-src 'none'; child-src 'self' www.facebook.com *.google.com *.youtube.com *.sharethis.com cpd.sanroque.es; frame-ancestors 'self' https://cpd.sanroque.es; upgrade-insecure-requests; block-all-mixed-content; img-src * data:; font-src 'self' fonts.gstatic.com; report-uri /csp-uri.php- strict-transport-security
max-age=31536000; includeSubDomains; preload