tivolicasino.dk — domain check, WHOIS, DNS & reputation

HTML metadata

Title: Spil online og vind store pengepræmier | Tivoli Casino
Description: Spil online på et af Danmarks førende casinoer - Tivoli Casino. Adgang til danske spillemaskiner med Gratis Chancer ✔ Spil på mobil ✔ 12 mio. i jackpot ✔
Language: da-DK
Canonical: https://tivolicasino.dk

Technology

Stack: ASP.NET

Third-party hosts loaded (4)

tc-static.dk×6
kundecrm.my.site.com×1
nexus.ensighten.com×1
operationsmessengerservices.azurewebsites.net×1

DNS records live

NS

a1-34.akam.net
a10-64.akam.net
a11-66.akam.net
a12-67.akam.net
a4-64.akam.net
a5-67.akam.net

MX

10 tivolicasino-dk.mail.protection.outlook.com

TXT

Show 7 TXT records

_fjt7hnohoo69vqry41ny88uyj3frzs9
13ptr9wy3h5w8pht2jmqs2sc96jlk2sx
crg70x6bzdhy5vjkz94ksjhb18x1mrz1
pyjm4hnltyysbn9cdgzvs35sr9rxqfx1
d3kmvhtbh4mymry3qqnjlzn2d4vnrwp8
v=spf1include:_spf.salesforce.cominclude:spf.protection.outlook.com-all
2h34gkjdpr9vvfdzrx2k9zh0knplvkdf

Verified for

Google
Microsoft 365

Email authentication weak

SPF: v=spf1include:_spf.salesforce.cominclude:spf.protection.outlook.com-all
missing all
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-03-25 to 2026-06-23

Expires in 22 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://tivolicasino.dk/

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kundecrm.my.site.com https://kundecrm.my.salesforce.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://kundecrm.my.site.com https://kundecrm.my.salesforce.com https://service.force.com https://operationsmessengerservices.azurewebsites.net https://nexus.ensighten.com https://www.googletagmanager.com https://*.salesforceliveagent.com https://bs.serving-sys.com https://img.en25.com https://files.cdn.leadfamly.com https://*.snapchat.com https://app.varify.io https://*.clarity.ms https://*.hotjar.com https://sc-static.net https://connect.facebook.net https://collect.danskespil.dk https://tags.danskespil.dk; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://operationsmessengerservices.azurewebsites.net; img-src * data:; connect-src 'self' https://kundecrm.my.site.com https://kundecrm.my.salesforce-scrt.com https://kundecrm.secure.forc
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' https://kundecrm.my.site.com https://kundecrm.my.salesforce.com; script-src-elem 'self' 'unsafe-inline' https://kundecrm.my.site.com https://kundecrm.my.salesforce.com https://service.force.com https://operationsmessengerservices.azurewebsites.net https://nexus.ensighten.com https://www.googletagmanager.com https://*.salesforceliveagent.com https://bs.serving-sys.com https://img.en25.com https://files.cdn.leadfamly.com https://*.snapchat.com https://app.varify.io https://*.clarity.ms https://*.hotjar.com https://sc-static.net https://connect.facebook.net https://collect.danskespil.dk https://tags.danskespil.dk; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://operationsmessengerservices.azurewebsites.net; img-src 'self' data: https://track.adform.net https://www.facebook.com https://s166423343.t.eloqua.com https://ad.doubleclick.net https://*.clarity.ms https://tc

Links to (2)

spillemyndigheden.dk×1
stopspillet.dk×1

Linked from (2)

sidercasino.dk×1
danskespil.dk×1