thega.de

.de crawl

First seen 2026-04-15 · Last seen 2026-05-16 · ok HTTP/1.1 200 1574 ms crawled 2026-05-09

DE · 168.119.139.205 · AS24940 Hetzner Online GmbH

Reputation 94/100 dmarc monitor-only

sector government type homepage

HTML metadata

Title: Energieagentur des Landes Thüringen | ThEGA®
Description: ThEGA® | Thüringer Energie- und GreenTech-Agentur☑️ Energieagentur für Klimaschutz & Erneuerbare Energien☑️ Kostenfreie Beratung☑️
Language: de-DE
Generator: TYPO3 CMS
Canonical: https://www.thega.de/

Open Graph

title: Energieagentur des Landes Thüringen | ThEGA®
description: ThEGA® | Thüringer Energie- und GreenTech-Agentur☑️ Energieagentur für Klimaschutz & Erneuerbare Energien☑️ Kostenfreie Beratung☑️

Technology

Social widgets

YouTube Embed

Third-party hosts loaded (1)

www.youtube-nocookie.com×1

Social

Contact

Email

Phone

0361 5603-220

Address

Mainzerhofstraße 10, 99084, Erfurt, Deutschland

Registration

Updated

2019-01-16

Name servers

ns1.vodafone-ip.de.
ns2.vodafone-ip.de.
ns3.vodafone-ip.de.

DNS records live

NS

ns1.vodafone-ip.de
ns2.vodafone-ip.de
ns3.vodafone-ip.de

MX

10 thega-de.mail.protection.outlook.com

TXT

Show 4 TXT records

_p2tzieog4veojnkt1ckjqqmwyvoqtrr
MS=ms63746364
_uytmr7nkyegaqro4bm41loltye610em
rwd3t833mnzzz292221zdjz477cx0m03

Email authentication partial

SPF

v=spf1 mx ip4:31.3.84.112/28 ip4:91.137.13.16/28 ip4:92.79.126.80/28 include:spf.protection.outlook.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none; adkim=s; aspf=s; rua=mailto:uz5b7zjh@rua.eu.dmarcmanager.app

policy: none (monitoring only)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvp8/JGEPKx4VK8zsCwZJ7SYGEw7EMU+yCPZ5e8BuRre6Cn/snfY1sBmTV28/5kWTf1kxDM/Yjr4bey…

selectors probed

Certificate (current)

GeoTrust TLS RSA CA G1

from 2025-08-20 to 2026-08-20

Expires in 93 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.thega.de/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),accelerometer=(self),payment=()
x-content-type-options: nosniff
content-security-policy: frame-src 'self' www.youtube.com www.youtube-nocookie.com w.soundcloud.com player.vimeo.com *.google.com maps.googleapis.com www.leg-thueringen.de ee-wertschoepfung.de thega.modernisierungsratgeber.de; default-src 'self' 'unsafe-inline' maps.googleapis.com www.googletagmanager.com maps.google.com *.newsletter2go.com cdn.eye-able.com www.eye-able-cdn.com 'unsafe-eval' data:; connect-src 'self' www.googletagmanager.com region1.google-analytics.com maps.googleapis.com *.newsletter2go.com; style-src 'self' 'unsafe-inline' cdn.eye-able.com www.eye-able-cdn.com; object-src 'none'; frame-ancestors 'self' https://ee-wertschoepfung.de/;
strict-transport-security: max-age=31536000; includeSubDomains