tapanis.se
HTML metadata
Technology
- Server
- nginx
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (4)
- static.saveacdn.se×10
- savea.objects.dc-fbg1.glesys.net×2
- js-de.sentry-cdn.com×1
- www.googletagmanager.com×1
Contact
- Phone
DNS records live
- NS
-
- ns.communique.se
- ns2.communique.se
- MX
-
- 10 smtpgw04.communique.se
- 20 smtpgw02.communique.se
Email authentication weak
- SPF
-
v=spf1 include:spf.communique.se include:spf.savea.se ~allsoftfail (~all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 68 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
strict-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self'; img-src * data: https://*.google-analytics.com/ https://*.googletagmanager.com https://googleads.g.doubleclick.net/ https://www.google.com https://google.com; media-src *; frame-src *; style-src * 'unsafe-inline'; font-src *; script-src https://static.saveacdn.se/ https://savea.objects.dc-fbg1.glesys.net/ 'unsafe-inline' https://browser.sentry-cdn.com https://js-de.sentry-cdn.com https://maps.googleapis.com/ https://*.googletagmanager.com/ https://www.googleadservices.com/ https://www.google.com/ https://*.facebook.net/ https://facebook.net/ https://*.facebook.com/ https://facebook.com/; connect-src 'self' *.sentry.io https://maps.googleapis.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/- strict-transport-security
max-age=31536000
Links to (2)
- savea.se×1
- google.com×1
Linked from (1)
- savea.se×1