thomann.de

.de toplist crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 4850 ms crawled 2026-05-15

DE · 212.204.75.161 · AS8767 M-net Telekommunikations GmbH

Reputation 89/100 weak security headers dmarc monitor-only

Classifying

HTML metadata

Title

Buy musical instruments online from the market leader – Thomann International

Description

Buy your new musical instrument and accessories online from Europe's largest music retailer. Top quality and variety at Thomann.

Language

Canonical

https://www.thomann.de/intl/index.html

Translations

cs-cz
da-dk
de-at
de-ch
de-de
en-ae
en-be
en-gb
en-gr
en-ie
en-no
en-us
es-es
fi-fi
fr-fr
fr-lu
hu-hu
it-it
nl-nl
pl-pl
pt-pt
ro-ro
sv-se

Open Graph

url: https://www.thomann.de/intl/index.html
title: Thomann - Welcome Home!
locale: en_GB
site name: Musikhaus Thomann
description: Browse our huge range of musical instruments, studio, lighting, and PA equipment at Europe's largest music retailer. We have the hottest brands, affordable alternatives and many free resources for musicians.

Technology

CDN: Cloudflare
CMS: Gatsby

Analytics

Google Tag Manager

Third-party hosts loaded (20)

fast-images.static-thomann.de×142
thumbs.static-thomann.de×24
images.static-thomann.de×2
www.thomannmusic.com×2
www.googletagmanager.com×1
www.thomann.ae×1
www.thomann.at×1
www.thomann.co.uk×1
www.thomann.dk×1
www.thomann.es×1
www.thomann.fr×1
www.thomann.it×1
www.thomann.nl×1
www.thomann.pl×1
www.thomann.pt×1
www.thomann.ro×1
www.thomann.se×1
www.thomannmusic.ch×1
www.thomannmusic.hu×1
www.thomannmusic.no×1

Social

Registration

Updated

2023-09-15

Name servers

dns1.netzmarkt.de.
dns2.netzmarkt.de.

DNS records live

NS

dns1.netzmarkt.de
dns2.netzmarkt.de

MX

10 mail1.thomann.de
10 mail2.thomann.de

TXT

MS=ms40254401
google-site-verification=8bjpdTzcd_Orxv952NYYu6n4LqviSzJnKyExh42hKGY
google-site-verification=rf1HS0eTw9KO9GRlKV1sYp7u7iE5wrZUu40lJiK9uew

Email authentication partial

SPF

v=spf1 ip4:217.6.235.184/29 ip4:193.158.3.160/28 ip4:212.184.107.64/26 ip4:212.204.75.0/24 ip4:85.10.233.0/24 ip4:212.204.112.192/26 ip4:212.114.206.81 ip4:167.89.26.162 ip4:54.229.2.165 ip4:52.30.130.201 include:spf.protection.outlook.com a mx -all

strict (-all)

DMARC

v=DMARC1;p=none;pct=100;aspf=r;adkim=r;

policy: none (monitoring only)

DKIM

dkim: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYeeJFRJmM2x6nnewymzDs+qABn+w19LAGduj4Q+xes8XgC8cllfw1u6pL80w+ucCKxgU9uE91VSpv…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxL1nRfNbi5ScEZg7sKFTSfklfmzp0Hco0TpZs1VjiBx/qF7Cu+3um7UePJk+r4thvwxvQzFjrT24U8jvSp…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwV/tjs5rcBXeHfWU2cSm1KXMkCNPtri24fGxgZChMY4FgsC0Gc6aEUcuKgsAEC+NvHnWSNlgRtfi8W4tnQ…

selectors probed

Certificate (current)

RapidSSL TLS RSA CA G1

from 2026-03-02 to 2026-09-17

Expires in 121 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.thomann.de/intl/index.html

present

content-security-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' *.thomann.de app.storyblok.com connect.facebook.net analytics.tiktok.com *.adform.net www.google-analytics.com sc-static.net s.pinimg.com www.youtube.com challenges.cloudflare.com *.payments-amazon.com www.googleadservices.com userlike-cdn-umm.b-cdn.net bat.bing.com www.googletagmanager.com www.googletagservices.com tr.snapchat.com ct.pinterest.com js.appboycdn.com *.g.doubleclick.net widgets.trustedshops.com tpc.googlesyndication.com *.clarity.ms cdn.avo.app maps.googleapis.com pagead2.googlesyndication.com ep2.adtrafficquality.google www.paypal.com; frame-src 'self' *.thomann.de *.g.doubleclick.net *.safeframe.googlesyndication.com challenges.cloudflare.com ct.pinterest.com td.doubleclick.net tpc.googlesyndication.com tr.snapchat.com www.facebook.com www.google.com www.youtube-nocookie.com www.googletagmanager.com ep2.adtrafficquality.google www.paypal.com; frame-ancestors 'self' app.storyblok.com; object-src 'none'