sergas.gal

.gal user

First seen 2026-05-19 · Last seen 2026-05-19 · ok HTTP/1.1 200 1141 ms crawled 2026-05-19

ES · 217.124.246.98 · AS3352 Telefonica De Espana S.a.u.

Reputation 100/100

sector government type homepage

HTML metadata

Title: Inicio - Consellería de Sanidade - Servizo Galego de Saúde
Description: Portal Web da Consellería de Sanidade e o Servizo Galego de Saúde
Language: gl-es
Generator: Microsoft SharePoint
Canonical: https://sergas.gal:443/Portada

Technology

Third-party hosts loaded (1)

www.sergas.gal×127

Social

Registration

Registrar

Acens Technologies, S.L.U

Created

2014-12-02

Expires

2026-12-02 195 days left

Updated

2025-12-01

Name servers

ns3.sergas.es
ns2.sergas.es
artemis.ttd.net
ns4.sergas.es
ns1.sergas.es

DNS records live

NS

artemis.ttd.net
minerva.ttd.net
ns1.sergas.gal
ns2.sergas.gal
ns3.sergas.gal
ns4.sergas.gal

MX

10 mail01.sergas.gal
10 mail02.sergas.gal

Verified for

GlobalSign
Google
Microsoft 365

Email authentication strong

SPF

v=spf1 mx ip4:217.124.244.71 ip4:217.124.244.72 include:spf.protection.outlook.com include:_spf.google.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:dmarc_repagg@sergas.gal

policy: quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYbuwV9G6hM8yjz32fPLHcfP2rm1yCIySDkRrITPoAsyG1Oyi7jlSokYjVeNJ0lAz3kZw7aJjfGeOk…
selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVqm5atFyOHG+M+cd/TNqYqm6QY3cxpGnCDZm06luW+muy6SEses7MU1/IHmcRwILA67G2+z/3fqtm…

selectors probed

Certificate (current)

GlobalSign RSA OV SSL CA 2018

from 2026-01-05 to 2027-02-06

Expires in 262 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.sergas.gal/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN, SAMEORIGIN
permissions-policy: accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com;, default-src 'self' sergas.es sergas.gal *.sergas.gal *.sergas.es *.sergas.local *.gstatic.com *.googleapis.com *.googletagmanager.com *.readspeaker.com *.google.com *.google-analytics.com https://datawrapper.dwcdn.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.gstatic.com *.googleapis.com *.googletagmanager.com; font-src 'self' data: *.gstatic.com *.googleapis.com *.googletagmanager.com
strict-transport-security: max-age=31536000;includeSubDomains
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: same-origin