indexo.dev

thomann.at

.at crawl

First seen 2026-05-27 · Last seen 2026-05-30 · ok HTTP/1.1 200 616 ms crawled 2026-05-30

DE · 212.204.75.160 · AS8767 M-net Telekommunikations GmbH

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
Musikinstrumente online kaufen beim Marktführer – Thomann Österreich
Description
Kaufe dein neues Musikinstrument und Zubehör online bei Europas größtem Musikhändler. Top-Qualität und Auswahl bei Thomann.
Language
de
Canonical
https://www.thomann.at
Translations
  • en ×7
  • de ×3
  • fr ×2
  • cs
  • da
  • es
  • fi
  • hu
  • it
  • nl
  • pl
  • pt
  • ro
  • sv

Open Graph

url
https://www.thomann.at
title
Thomann - Willkommen zu Hause!
locale
de_DE
site name
Musikhaus Thomann
description
Bei uns finden Sie alles zum Thema Musikinstrumente, Studio-, Licht- und Beschallungstechnik – die angesagtesten Marken, preiswerte Alternativen sowie viele kostenlose Extras für Musiker.

Technology

CDN
Cloudflare
CMS
Gatsby
Analytics
  • Google Tag Manager
Third-party hosts loaded (20)
  • fast-images.static-thomann.de×142
  • thumbs.static-thomann.de×24
  • www.thomann.de×7
  • images.static-thomann.de×2
  • www.thomannmusic.com×2
  • www.googletagmanager.com×1
  • www.thomann.ae×1
  • www.thomann.co.uk×1
  • www.thomann.dk×1
  • www.thomann.es×1
  • www.thomann.fr×1
  • www.thomann.it×1
  • www.thomann.nl×1
  • www.thomann.pl×1
  • www.thomann.pt×1
  • www.thomann.ro×1
  • www.thomann.se×1
  • www.thomannmusic.ch×1
  • www.thomannmusic.hu×1
  • www.thomannmusic.no×1

Social

DNS records live

NS
  • a.ns14.net
  • b.ns14.net
  • c.ns14.net
  • d.ns14.net
Verified for
  • Google

Email authentication no MX

SPF
not published
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

E8
from 2026-04-27 to 2026-07-26
Expires in 55 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.thomann.at/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.thomann.at *.thomann.de app.storyblok.com connect.facebook.net analytics.tiktok.com *.adform.net www.google-analytics.com sc-static.net s.pinimg.com www.youtube.com challenges.cloudflare.com *.payments-amazon.com www.googleadservices.com userlike-cdn-umm.b-cdn.net bat.bing.com www.googletagmanager.com www.googletagservices.com tr.snapchat.com ct.pinterest.com js.appboycdn.com *.g.doubleclick.net widgets.trustedshops.com tpc.googlesyndication.com *.clarity.ms cdn.avo.app maps.googleapis.com pagead2.googlesyndication.com ep2.adtrafficquality.google www.paypal.com; frame-src 'self' *.thomann.at *.thomann.de *.g.doubleclick.net *.safeframe.googlesyndication.com challenges.cloudflare.com ct.pinterest.com td.doubleclick.net tpc.googlesyndication.com tr.snapchat.com www.facebook.com www.google.com www.youtube-nocookie.com www.googletagmanager.com ep2.adtrafficquality.google www.paypal.com; frame-ancestors 'self' app.storyblok.com; object-src '

Links to (8)

Linked from (1)