stada.com

HTML metadata

Title

STADA Arzneimittel AG | STADA

Description

STADA is pharmaceutical company that focuses on a three-pillar strategy consisting of consumer healthcare products, generics and specialty pharma. Explore STADA

Language

en-GB

Canonical

https://www.stada.com/

Translations

de-de
en-gb

Open Graph

url: https://www.stada.com/
title: STADA Arzneimittel AG | STADA
site name: STADA
description: STADA is pharmaceutical company that focuses on a three-pillar strategy consisting of consumer healthcare products, generics and specialty pharma. Explore STADA

Technology

CDN: Cloudflare

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

Contact

Phone

+49 6101 603-0

Registration

Registrar

MarkMonitor Inc.

Created

1999-12-13

Expires

2026-12-13 207 days left

Updated

2025-11-11

Name servers

ns1.opportunity.de
ns2.opportunity.de
ns3.opportunity.de

DNS records live

NS

ns1.opportunity.de
ns2.opportunity.de
ns3.opportunity.de

MX

50 stada-de.mail.protection.outlook.com

TXT

Show 24 TXT records

adobe-sign-verification=a36bc8854f392317306eb825ff845a21
knowbe4-site-verification=b8e40aa6659fb5f105483dc72a3caec8
mindmanager-verification=391e2a2b4c0ff4b35c1ed911a53144fe976f75ee71d0c6a808cd571901a78ee5
_8j573u0z0jcje4a4e6utdjn0hl0kv5g
globalsign-domain-verification=9GQ_R31ziUYA2om801GUU_3lIAow1KSfTgvmZ_JWAy
anthropic-domain-verification-1sd33k=4PZVF3kkdMPodV0McxpA60GWy
google-site-verification=NX73yxKthTD_kCjwCOYnuafJfFnzFs4PubVWFnjhhoM
globalsign-domain-verification=iu9NkYOw8m5gkMNwJRwxrOdCHD7aDu2J8UAtOEIVpq
google-gws-recovery-domain-verification=55478936
BvO1TervsBCJOq2IzqdexqQQj7gn06EWYyNC85gND34=�
MS=ms65108284
v=spf1 mx a:mailgw.stada.de include:spf.eu.exclaimer.net include:_u.stada.com._spf.smart.ondmarc.com -all
onetrust-domain-verification=ec65de6b7e1c4b8182537d458de6e8b4
teamviewer-sso-verification=ca30ccef5a2c4e09b1cf895199ee892a
apple-domain-verification=wKmIjoGKBNiDhS9Y
AjKeY3tSM4tQrDJR9lqao0VtgSOD+3uPynEejVj8EEHNM9s64rgsy5ZO5UNFTmpcJZsQ+OuXOpr6UYYWc69GnA==
globalsign-domain-verification=fue3O9IxeSAaf0F7hDlGogick84_Id4HKqSRiMaouy
atlassian-domain-verification=AXdvy1Nvi74u98jFpT0T54/WBj9bOZ5OAcd/yFPEe9cFFAB8zGJ6ZKCA6X9rJcyV
8yqjy0t7dbbvt1wqht5kz18zd96x45xj
dtm-domain-verification=5Q4g2Fo8wwPW955VTN2jqIh7O_vbF7sieZIfzO12Vgs
globalsign-domain-verification=O4X-8TO-uWm3_uBpWkDfSV24N17eHxP3O8CAxbHFdB
miro-verification=3171d4d4777b896b39ed47d29aaa0eb3e09b0b71
onetrust-domain-verification=8b0070242adb400b93a7f294c86103c3
adobe-sign-verification=65523d91904219ebb7da186478e89676

Certificate (current)

R13

from 2026-04-13 to 2026-07-12

Expires in 53 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.stada.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
missing Permissions Policy

Header values

referrer-policy: strict-origin
x-frame-options: ALLOW-FROM https://stadaarz.sharepoint.com
x-content-type-options: nosniff
content-security-policy: default-src 'self' sgtm.stada.com; connect-src *; font-src 'self' data:; frame-src 'self' *.googletagmanager.com *.youtube.com *.youtube-nocookie.com stadaarz.sharepoint.com login.doccheck.com *.linkedin.com *.google.com player.vimeo.com *.doubleclick.net *.googletagmanager.com; img-src 'self' *.juicer.io dashboard.umbraco.org maps.googleapis.com maps.gstatic.com *.clarity.ms *.bing.com *.google-analytics.com *.usercentrics.eu *.twimg.com *.xx.fbcdn.net *.googletagmanager.com *.linkedin.com *.facebook.com *.doubleclick.net *.google.com *.google.co.uk data:; media-src 'self' *.vimeo.com *.vimeocdn.com *.akamaized.net; object-src *; script-src 'self' *.facebook.net *.cloudflare.com ajax.aspnetcdn.com *.usercentrics.eu maps.googleapis.com *.googletagmanager.com *.google-analytics.com *.youtube.com *.clarity.ms *.google.com *.gstatic.com *.licdn.com *.facebook.net *.googleadservices.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; manifest-src 'self';
strict-transport-security: max-age=31536000; preload