spinko.pl
HTML metadata
Technology
- Server
- Apache
Third-party hosts loaded (1)
- cdn.jsdelivr.net×1
Contact
- Phone
DNS records live
- NS
-
- ns1.nazwa.pl
- ns2.nazwa.pl
- ns3.nazwa.pl
- MX
-
- 0 spinko-pl.mail.protection.outlook.com
Email authentication strong
- SPF
-
v=spf1 include:spf.protection.tdj.pl include:spf.protection.outlook.com -allstrict (-all) - DMARC
-
v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@spinko.pl; ruf=mailto:dmarc-reports@spinko.pl; sp=quarantine; fo=s; aspf=spolicy: quarantine · sp=quarantine - DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6fSvABk6RCQayokndZFRZS0QcNcx9SYKUPaj39KILF588M4pcqTb5N2pzEiRfJlhK9g1g43nuR3JKA…
selectors probed - selector1:
Certificate (current)
nazwaSSL DV TLS G2 R29 CA
Expires in 148 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing content type protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- content-security-policy
default-src 'self' https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval' *; script-src 'self' https://maps.googleapis.com https://www.gstatic.com https://code.jquery.com/ui/1.10.4/jquery-ui.min.js 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *; worker-src 'self' blob: https://www.google.com 'unsafe-inline' 'unsafe-eval' *; font-src 'self' https://fonts.gstatic.com data: 'unsafe-inline' 'unsafe-eval' *;- strict-transport-security
max-age=31536000
Links to (3)
- civ.pl×1
- nomonday.pl×1
- tdj.pl×1