svss.ch
HTML metadata
Technology
- Server
- Apache
Social
Contact
- Phone
DNS records live
- NS
-
- dns1.exigo.ch
- dns2.exigo.ch
- MX
-
- 10 avas-in1.exigo.ch
- 10 avas-in2.exigo.ch
Email authentication strong
- SPF
-
v=spf1 mx ip4:193.93.20.0/26 include:servicehoster.ch include:_spf.google.com -allstrict (-all) - DMARC
-
v=DMARC1;p=reject;pct=100;ruf=mailto:info@svss.ch;ri=86400;aspf=s;adkim=r;fo=0;policy: reject (enforced) - DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 36 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
Header values
- referrer-policy
no-referrer- x-frame-options
SAMEORIGIN- permissions-policy
geolocation=(self), microphone=(), camera=()- x-content-type-options
nosniff- content-security-policy
default-src 'none' https://svss.ch https://auth.sportkongress.ch https://members.svss.ch; base-uri 'self'; connect-src 'self' https://checkout.postfinance.ch https://auth.sportkongress.ch https://members.svss.ch api.mapbox.com events.mapbox.com my.tikee.io; frame-src 'self' https://checkout.postfinance.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob:; script-src 'self' data: https://checkout.postfinance.ch https://maxcdn.bootstrapcdn.com https://code.jquery.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com; object-src 'self';- strict-transport-security
max-age=31536000; includeSubDomains; preload