indexo.dev

sfs.ch

.ch crawl

First seen 2026-05-27 · Last seen 2026-05-30 · ok HTTP/1.1 200 899 ms crawled 2026-05-30

DE · 5.182.155.35 · AS5539 SpaceNet AG

Reputation 100/100

Classifying

HTML metadata

Title
The online shop for industry professionals | SFS
Description
Efficient, precise and industry-ready: over 200,000 listed products – tools, fastening technology & connection elements for your production and maintenance.
Language
en
Canonical
https://www.sfs.ch/CH/en/dl/
Translations
  • de
  • en
  • fr
  • it

Open Graph

url
https://www.sfs.ch/CH/en/dl/
title
The online shop for industry professionals | SFS
description
Efficient, precise and industry-ready: over 200,000 listed products – tools, fastening technology & connection elements for your production and maintenance.

Technology

CMS
Gatsby
jQuery
3.7.1
Stack
Java
Fonts
  • Google Fonts
Third-party hosts loaded (8)
  • assets.hoffmann-group.com×57
  • cdn.tagcommander.com×3
  • ca.hoffmann-group.com×2
  • cdn.trustcommander.net×2
  • fonts.googleapis.com×1
  • fonts.gstatic.com×1
  • redirect28.tagcommander.com×1
  • webtoapp.design×1

Social

DNS records live

NS
  • dns1.sfs-network.biz
  • dns1.sfs-network.ch
  • dns2.sfs-network.biz
  • dns2.sfs-network.ch
  • dns3.sfs-network.biz
  • dns3.sfs-network.ch
MX
  • 10 mail1.sfs.biz
  • 10 mail2.sfs.biz
TXT
  • MS=8C0A5C2EE80B08F5C74A7F49DA0C01AEADA7C8FD
Verified for
  • Microsoft 365

Email authentication strong

SPF
v=spf1 include:_spf.sfs.biz -all
strict (-all)
DMARC
v=DMARC1; p=reject; rua=mailto:mailreports@dmarc.sfs.biz;
policy: reject (enforced)
DKIM
no key found at common selectors

Certificate (current)

R12
from 2026-04-27 to 2026-07-26
Expires in 55 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.sfs.ch/CH/en/dl/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
camera=(self)
x-content-type-options
nosniff
content-security-policy
default-src blob: data: https: wss: 'unsafe-eval' 'unsafe-inline'; script-src 'strict-dynamic' 'nonce-zfOAaUeBJ76QVSyEgeHJzw==' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https:; script-src-attr 'unsafe-inline'; object-src 'none'; base-uri 'self' https://d6tizftlrpuof.cloudfront.net; frame-ancestors 'self' https://psa.hoffmann-group.com https://*.dynamics.com https://*orangecrm-hog.crm4.dynamics.com https://*.seismic.com https://seismic.com http://iframe.grassfish.tv/ https://hoffmann.grassfish.tv/ https://bec.hoffmann-group.com/;
strict-transport-security
max-age=16070400; includeSubDomains

Links to (6)

Linked from (3)