stanleyworks.ch
stanleyworks.ch
HTML metadata
Technology
- CDN
- Akamai
- Server
- nginx
- jQuery
- 1.8.3 known XSS (<3.5)
- Stack
- PHP
- Analytics
-
- Google Tag Manager
- Cookie consent
-
- OneTrust
Third-party hosts loaded (3)
- www.stanleysites.com×8
- cdn.cookielaw.org×1
- www.googletagmanager.com×1
Social
DNS records live
- NS
-
- a1-218.akam.net
- a18-67.akam.net
- a5-64.akam.net
- a6-65.akam.net
- a8-66.akam.net
- a9-67.akam.net
- MX
-
- 10 mxa-00254701.gslb.pphosted.com
- 10 mxb-00254701.gslb.pphosted.com
- TXT
-
domain-verification:6fce9463ee817efc4688cfaa06e7a05ed817386f
- Verified for
-
- Meta
- Microsoft 365
Email authentication strong
- SPF
-
v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=quarantine; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com;policy: quarantine - DKIM
- no key found at common selectors
Certificate (current)
DigiCert Global G3 TLS ECC SHA384 2020 CA1
Expires in 231 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src https: data: blob: 'unsafe-inline'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https:; base-uri 'self'; upgrade-insecure-requests; report-uri /csp.cgi- strict-transport-security
max-age=15768000