indexo.dev

startbox.at

.at crawl

First seen 2026-06-03 · Last seen 2026-06-04 · ok HTTP/1.1 200 883 ms crawled 2026-06-03

AT · 213.145.225.10 · AS25575 Ledl.net GmbH & Co. KG

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Startbox - Werbeagentur, Grafik, Branding, Websites, E-Commerce,
Description
Wir sind Ihre Experten für die Bereiche Corporate Design, Grafik, Websites, Onlineshops, Digitalstrategie und Marketing
Language
de
Generator
WordPress 7.0
Canonical
https://startbox.at/
Feeds

Open Graph

url
https://startbox.at/
title
Startbox - Werbeagentur, Grafik, Branding, Websites, E-Commerce,
locale
de_DE
site name
Startbox
description
Bei uns finden Sie zwei Agenturen unter einem Dach. Wir bieten Ihnen umfassende Erfahrung und Leistungen in den Bereichen Konzeption, Grafik-Design, E-Business und Marketing – bei Neugründung, Betriebsübernahme, Produkteinführung oder in Ihrem Kommunikationsalltag.

Technology

Server
Apache
CMS
WordPress 7.0
PHP
8.2.31 security-only
jQuery
3.7.1
Analytics
  • Google Tag Manager
  • Microsoft Clarity
Ads
  • Google Ads (DoubleClick)
Fonts
  • Adobe Fonts
Social widgets
  • Vimeo Embed
Third-party hosts loaded (17)
  • webcache-eu.datareporter.eu×4
  • code.jquery.com×3
  • unpkg.com×3
  • www.google.com×3
  • www.googletagmanager.com×3
  • cdn.brevo.com×2
  • cdn.by.wonderpush.com×2
  • use.typekit.net×2
  • bat.bing.com×1
  • gmpg.org×1
  • googleads.g.doubleclick.net×1
  • maps.google.com×1
  • player.vimeo.com×1
  • scripts.clarity.ms×1
  • sibautomation.com×1
  • www.clarity.ms×1
  • www.gstatic.com×1

Social

Contact

Email
Phone
Address
Grillparzerstraße 3, 4400, Steyr, AT

DNS records live

NS
  • ns1.domaintechnik.at
  • ns2.domaintechnik.at
  • ns3.domaintechnik.at
  • ns4.domaintechnik.at
MX
  • 10 mail.startbox.at
TXT
  • MS=67E8CA1EB1682D8EFB198277F2C6ED4CF8259A2A
Verified for
  • Brevo
  • Google

Email authentication partial

SPF
v=spf1 mx a include:spf.ledl.net ~all
softfail (~all)
DMARC
v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.com
policy: none (monitoring only)
DKIM
  • mail: k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…
selectors probed

Certificate (current)

E8
from 2026-04-25 to 2026-07-24
Expires in 50 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://startbox.at/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing content type protection
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=*, usb=(), xr-spatial-tracking=()
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://sibforms.com https://in-automate.brevo.com https://sibautomation.com https://cdn.brevo.com/js/sdk-loader.js https://*.gstatic.com https://*.clarity.ms/ https://*.google.com/ https://*.bing.net https://*.bing.com https://www.googletagmanager.com *.googleadservices.com https://startbox.at https://www.wordfence.com https://yoast.com https://www.googletagmanager.com https://code.jquery.com https://unpkg.com https://webcache-eu.datareporter.eu https://*.doubleclick.net https://player.vimeo.com https://*.googleadservices.com;; style-src 'self' 'unsafe-inline' https://designsystem.brevo.com/ https://fonts.googleapis.com https://sibforms.com https://*.typekit.net https://webcache-eu.datareporter.eu;; img-src 'self' data: https://library.elementor.com https://bat.bing.com/ https://*.bing.net https://bat.bing.com/* https://www.google.at https://www.googleadservices.com https://img.icons8.com htt
strict-transport-security
max-age=31536000; preload, max-age=5184000; includeSubDomains; preload

Links to (6)

Linked from (2)