schoellerbank.at
HTML metadata
Technology
- Stack
- Java
Third-party hosts loaded (1)
- analytics.arz.at×1
Contact
- Phone
DNS records live
- NS
-
- nsi1.arz.at
- nsi2.arz.at
- MX
-
- 10 mx01.arz.at
- 10 mx02.arz.at
- TXT
-
actalis-dcv=psl3dhtt7mesghki741su30u1aswisssign-check=Kr1PCawD35XpDBaVdWj9Wn1exak
- Verified for
-
- Apple
- Cisco
- Microsoft 365
Email authentication strong
- SPF
-
v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=reject; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com;policy: reject (enforced) - DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8eorqckeKhta/WUBZt/QSjIunhUy3A1WUSTp16Zfu1lcajkarjUYAQyvlxyOaL0Gwlef265uVQKomh… - selector2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzw29kzSg7rQ0Gawg63XoG5tBUn68m6/dKFro4PY/Q0Pazv98K99910lOV0GO+Pjqcs8XfntJRScWMc…
selectors probed - selector1:
Certificate (current)
GeoTrust EV RSA CA G2
Expires in 289 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self' 'unsafe-inline' *.schoellerbank.at; font-src https://fonts.gstatic.com data: 'self'; img-src data: https://maps.gstatic.com https://maps.googleapis.com 'self' https://analytics.arz.at https://i.vimeocdn.com https://storage.buzzsprout.com https://*.googleapis.com; frame-src https://www.google.com https://maps.googleapis.com 'self' https://player.vimeo.com https://www.buzzsprout.com https://kurse.banking.co.at https://banking.schoellerbank.at https://analytics.arz.at; script-src https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.arz.at; connect-src https://*.googleapis.com https://www.gstatic.com 'self' data:; worker-src blob: 'self'; style-src-elem 'self' https://fonts.googleapis.com 'unsafe-inline';- strict-transport-security
max-age=31536000; includeSubDomains