sklarnaharrachov.cz

HTML metadata

Title: Poznejte sklárnu | Sklárna Harrachov
Description: Sklárna Harrachov patří mezi nejstarší sklárny na světě. Každý kousek skla, který zde vznikne, je jedinečný a odráží dovednosti a preciznost místních sklářských mistrů.
Language: cs

Technology

Server: nginx
Stack: PHP

Analytics

Google Tag Manager

Third-party hosts loaded (2)

www.google.com×1
www.googletagmanager.com×1

Social

Contact

Email

Phone

+420481528142

DNS records live

NS

ns1.regzone.cz
ns1.regzone.de
ns1.regzone.info

MX

1 mail.sklarnaharrachov.cz
15 relay.zoner.com
20 10mx.zoner.com
30 15mx.zoner.com

Verified for

Google

Email authentication weak

SPF

v=spf1 ip4:31.30.34.74 a mx include:spf-zoner-zmail.zoner.com include:spf-zoner-cloudmail.zoner.com include:_spf.webglobe.cz include:mail1.colosseum.eu ~all

softfail (~all)

DMARC

not published

DKIM

mail: v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSY/32aFHGLInjU0cP1HpIoksqcWL6ySM8DBXrcYKqQtDkDi5qK3HmeQj+QTLA9nm7jTO2pqd20wy6Xp2wwL1s…

selectors probed

Certificate (current)

YE2

from 2026-05-29 to 2026-08-27

Expires in 85 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://sklarnaharrachov.cz/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: no-referrer-when-downgrade
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://*.googleapis.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://connect.facebook.net/ https://*.facebook.com/ https://cdn.jsdelivr.net/ https://region1.google-analytics.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://connect.facebook.net/ https://*.facebook.com/ https://cdn.jsdelivr.net/ https://region1.google-analytics.com/ ; connect-src 'self' https://*.googleapis.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ ht
strict-transport-security: max-age=2592000; includeSubDomains