tabs.no
HTML metadata
Technology
- Server
- Apache
- jQuery
- 3.7.1
DNS records live
- NS
-
- ns-1051.awsdns-03.org
- ns-1630.awsdns-11.co.uk
- ns-445.awsdns-55.com
- ns-721.awsdns-26.net
- MX
-
- 1 aspmx.l.google.com
- 10 aspmx2.googlemail.com
- 10 aspmx3.googlemail.com
- 5 alt1.aspmx.l.google.com
- 5 alt2.aspmx.l.google.com
- Verified for
-
- 1Password
Email authentication strong
- SPF
-
v=spf1 include:_spf.google.com ~allsoftfail (~all) - DMARC
-
v=DMARC1;p=reject;rua=mailto:dmarc-reports@tabs.no;fo=1policy: reject (enforced) - DKIM
-
- google:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8mLfRc7KJt+/jXljvOJxlBHvo8iN6ypJdlwzf/eVhwcXJLBKp+lvjgv3WsLj7WzBI31YYECFg/FOcISi++L…
selectors probed - google:
Certificate (current)
Amazon RSA 2048 M04
Expires in 136 days
HTTP security headers
- present
-
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- missing HSTS
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
DENY- x-content-type-options
nosniff- content-security-policy
default-src 'self'; connect-src 'self' *.googleapis.com *.tabs.no; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net *.tabs.no; frame-src *.tabs.no player.vimeo.com *.tabs.no; img-src 'self' data: blob: maps.googleapis.com mapsresources-pa.googleapis.com *.teoricentralen.se lh3.ggpht.com *.gstatic.com *.google.com *.vimeocdn.com *.tabs.no; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com cdn.jsdelivr.net *.tabs.no; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com cdn.jsdelivr.net *.tabs.no; report-uri /platform/security/csp-report; worker-src 'self' blob: *.tabs.no
Links to (3)
- limegreen.no×1
- google.com×1
- apple.com×1