indexo.dev

starakfoundation.org

.org crawl

First seen 2026-05-21 · Last seen 2026-06-01 · ok HTTP/1.1 200 789 ms crawled 2026-05-28

PL · 79.96.179.246 · AS12824 home.pl sp. z o.o.

Reputation 87/100 weak security headers no dmarc policy

sector nonprofit type homepage

HTML metadata

Title
Home - Fundacja Rodziny Staraków
Description
Fundacja Rodziny Staraków / Spectra Art Space / Spectra Edu / Starak Foundation / Warszawa
Language
pl
Canonical
https://starakfoundation.org/pl/main
Feeds

Technology

Server
IdeaWebServer
Fonts
  • Google Fonts

Third-party hosts loaded (3)

  • fonts.googleapis.com×2
  • code.netwerk.pl×1
  • www.facebook.com×1

Social

Contact

Email

Registration

Registrar
Key-Systems GmbH
Created
2013-06-03
Expires
2027-06-03 365 days left
Updated
2025-11-25
Name servers
  • dns.home.pl
  • dns2.home.pl
  • dns3.home.pl

DNS records live

NS
  • dns.home.pl
  • dns2.home.pl
  • dns3.home.pl
MX
  • 0 starakfoundation-org.mail.protection.outlook.com
Verified for
  • Microsoft 365

Email authentication weak

SPF
v=spf1 include:spf.protection.outlook.com ~all
softfail (~all)
DMARC
not published
DKIM
  • dkim: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1juhf6IXaxj/fwSAQGOLbkcLdcp4Phsj9yfayTAi0c695/OZNLZprpmYnr7wqFmAHs/l4kJm1sduX8…
selectors probed

Certificate (current)

Certyfikat SSL
from 2025-05-29 to 2026-06-21
Expires in 18 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://starakfoundation.org/pl/main

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src 'self'; font-src 'self' *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' code.netwerk.pl *.googleapis.com *.gstatic.com; img-src 'self' code.netwerk.pl i.ytimg.com scontent.cdninstagram.com data:; frame-src 'self' www.youtube.com player.vimeo.com www.google.com soundcloud.com w.soundcloud.com audiomack.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.netwerk.pl googletagmanager.com google-analytics.com data:; object-src 'self'; frame-ancestors 'self';

Links to (3)

Linked from (3)