toscanaenergia.eu

.eu crawl

First seen 2026-04-20 · Last seen 2026-05-19 · ok HTTP/1.1 200 8367 ms crawled 2026-05-14

IT · 195.231.6.75 · AS31034 Aruba S.p.A.

Reputation 100/100

Classifying

HTML metadata

Title: Home: Toscana Energia
Language: it-IT
Generator: TYPO3 CMS
Canonical: https://www.toscanaenergia.eu/it/

Open Graph

title: Home

Technology

Server: nginx

Analytics

Google Tag Manager

Cookie consent

Cookiebot

Third-party hosts loaded (3)

cdn.jsdelivr.net×2
consent.cookiebot.com×1
www.googletagmanager.com×1

Social

Contact

Phone

800900202

DNS records live

NS

ns.abdns.biz
ns.abdns.eu
ns.abdns.info

MX

10 in.arubabusiness.it

TXT

Ho6TXoaQdgc2gss5t+NUvI6yOk10TaWiHyQ/tZ89rVs=

Verified for

GlobalSign
Microsoft 365

Email authentication strong

SPF

v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; pct=100; adkim=r; aspf=r; rua=mailto:dmarc_agg@vali.email

policy: reject (enforced)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrdpUHRBOANzCgzPRTJllszqIpjJj92Dr8Yah0+BkQgs+pUYTpClTumNHylXFwO/QwpV14E/+nS1jO…

selectors probed

Certificate (current)

GlobalSign RSA OV SSL CA 2018

from 2025-07-28 to 2026-08-29

Expires in 100 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.toscanaenergia.eu/it/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
weak content type protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' data: https: https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://region1.google-analytics.com; frame-src 'self' https://consent.cookiebot.com https://consentcdn.cookiebot.com; worker-src 'self' blob:; frame-ancestors 'self'; upgrade-insecure-requests;
strict-transport-security: max-age=86400