sofia.bg
HTML metadata
Technology
- Stack
- Java
Third-party hosts loaded (1)
- www.sofia.bg×53
DNS records live
- NS
-
- ns.sofia.bg
- ns2.sofia.bg
- MX
-
- 1 smtp.google.com
Email authentication strong
- SPF
-
v=spf1 mx ip4:31.13.222.133 ip4:37.209.175.20 ip4:77.77.151.39 ip4:79.124.30.64 ip4:93.123.36.155 ip4:31.13.220.199 a:sonet17.sofia.bg a:sonet13.sofia.bg a:smtp1.sofia.bg a:mx3.sofia.bg include:_spf.google.com -allstrict (-all) - DMARC
-
v=DMARC1; p=quarantine; rua=mailto:dmarc@eoiit.bg; ruf=mailto:dmarcf@eoiit.bg; sp=none; fo=1policy: quarantine · sp=none - DKIM
-
- google:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTZqNHIKe/8FDci4k1rgGz7I2VuoTTtuCNB9ejdqkDcYEvdyom/edhNIveKcGCfNnFzMjWFgsK3Bg+/NcvBP…
selectors probed - google:
Certificate (current)
Sectigo Public Server Authentication CA DV R36
Expires in 102 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin- x-frame-options
SAMEORIGIN- permissions-policy
camera=('self'), microphone=('self'), geolocation=('self')- x-content-type-options
nosniff- content-security-policy
block-all-mixed-content; default-src *.sofia.bg 'unsafe-inline' 'self' www.youtube.com; script-src *.sofia.bg 'unsafe-inline' 'unsafe-eval' 'self' *.google.com; object-src 'self' *.sofia.bg; img-src *.sofia.bg 'self' data:- strict-transport-security
max-age=31536000;includeSubDomains