tilauslaari.fi
HTML metadata
Technology
- Server
- Apache
- jQuery
- 3.6.0
- Fonts
-
- Google Fonts
Third-party hosts loaded (1)
- fonts.googleapis.com×2
Registration
- Created
- 2008-10-08
- Name servers
-
- nsb.perf1.com [ok]
- nsa.perf1.fr [ok]
- nsc.perf1.com [ok]
DNS records live
- NS
-
- nsa.perf1.fr
- nsb.perf1.com
- nsc.perf1.com
Email authentication no MX
- SPF
- not published
- DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 73 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- permissions-policy
accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=()- x-content-type-options
nosniff- content-security-policy
default-src 'self' https://*.googleapis.com https://*.gstatic.com; connect-src 'self' https://giosgbot.callwaves.fi https://*.googleapis.com https://eu2.snoobi.com https://www.google-analytics.com https://region1.google-analytics.com ; style-src 'self' https://cdnjs.cloudflare.com/ajax/libs/tailwindcss/ 'unsafe-inline' https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://aisupport.fi https://eu2.snoobi.com https://*.googleapis.com https://www.google-analytics.com/ https://www.googletagmanager.com https://region1.google-analytics.com ; img-src 'self' data: https://giosgbot.callwaves.fi https://*.googleapis.com https://*.gstatic.com https://eu2.snoobi.com;- strict-transport-security
max-age=31536000; includeSubDomains