stadt-der-gaerten.at
HTML metadata
Technology
- Server
- nginx
- CMS
- Nuxt
- JS framework
- Nuxt
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (2)
- consent.cookiebot.eu×1
- www.googletagmanager.com×1
Social
Contact
DNS records live
- NS
-
- ns1.internex.at
- ns2.internex.at
- ns3.internex.at
- ns4.internex.at
- MX
-
- 1 stadtdergaerten-at01cc.mail.protection.outlook.com
- Verified for
-
- Microsoft 365
Email authentication weak
- SPF
-
v=spf1 include:spf.protection.outlook.com -allstrict (-all) - DMARC
- not published
- DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA220xUjDCIBQbNA/RPOlMUW1Xrpe0DmP0IhmNAH9ca8cO7lCpiU+g8EJSKyxS7sP/xKKDowp41kcYz1… - selector2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhxkme9V9MZAF0UpfVAb6dxQFySfvMCFymbc6toM/3upcXP142k5N8fDHabcXJBeezejGZ0MokEP0m…
selectors probed - selector1:
Certificate (current)
R13
Expires in 32 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-embedder-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
no-referrer- x-frame-options
SAMEORIGIN- permissions-policy
camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=()- x-content-type-options
nosniff- content-security-policy
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.usercentrics.eu https://www.facebook.com https://ad.doubleclick.net data: blob:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://*.g.doubleclick.net https://*.cookiebot.eu https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net; upgrade-insecure-requests; child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://consentcdn.cookiebot.eu https://www.google.com/recaptcha/ https://www.googleadservices.c- strict-transport-security
max-age=15552000; includeSubDomains- cross-origin-opener-policy
same-origin- cross-origin-embedder-policy
credentialless- cross-origin-resource-policy
same-origin