spycher-handwerk.ch
spycher-handwerk.ch
HTML metadata
Technology
- Server
- nginx
- CMS
- Gatsby
- PHP
- 8.3.30 security-only
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (2)
- maps.googleapis.com×1
- www.googletagmanager.com×1
Contact
- Phone
DNS records live
- NS
-
- ns1.wly.ch
- ns2.wly.ch
- ns3.wly.ch
- MX
-
- 5 mta-gw.infomaniak.ch
Email authentication weak
- SPF
-
v=spf1 include:spf.infomaniak.ch include:spf.mail.weloveyou.systems -allstrict (-all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
E8
Expires in 31 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.alothemes.com *.magepow.com data: www.planyo.com cdn.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.gstatic.com apis.google.com htt- strict-transport-security
max-age=31536000; includeSubDomains;