steps.ch
steps.ch
HTML metadata
Technology
- Cookie consent
-
- OneTrust
- Social widgets
-
- YouTube Embed
Third-party hosts loaded (3)
- cdn.cookielaw.org×1
- www.facebook.com×1
- www.youtube.com×1
Social
DNS records live
- NS
-
- migze100.migros.ch
- migze104.migros.ch
- ns3.migros.ch
- MX
-
- 10 mx.netzone.ch
- TXT
-
dtm-domain-verification=2oHbnao-qGXOqaN6yjUrBeVfo9-NLSD2tgVNkcXnQCw
Email authentication weak
- SPF
-
v=spf1 ip4:212.243.197.0/24 a:vmail.mironet.ch include:spf.netzone.ch -allstrict (-all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 64 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
DENY- x-content-type-options
nosniff- content-security-policy
style-src 'self' 'unsafe-inline' https://cdn.fonts.net/ https://cdn.jsdelivr.net/; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.migros.ch https://cdn.jsdelivr.net/ https://cdn.cookielaw.org https://connect.facebook.net https://code.jquery.com https://url.xcpro.ch; font-src 'self' 'unsafe-inline' https://cdn.migros.ch https://cdn.fonts.net https://fonts.googleapis.com; media-src 'self' 'unsafe-inline'; worker-src blob:; object-src 'none';- strict-transport-security
max-age=31536000; includeSubDomains
Links to (7)
- facebook.com×1
- groove-n-move.ch×1
- hora.ch×1
- instagram.com×1
- migros.ch×1
- sbb.ch×1
- youtube.com×1