tpa-group.at

HTML metadata

Title

Ihre Steuerberatung in Österreich | TPA Steuerberatung

Description

Steuerberatung, Buchhaltung, Jahresabschluss, Personalverrechnung in Österreich: Wien, Graz, Innsbruck, St.Pölten, Krems, Klagenfurt, Villach.

Language

de-DE

Generator

WPML ver:4.8.1 stt:1,3;

Canonical

https://www.tpa-group.at/

Feeds

TPA Steuerberatung » Feed RSS

Open Graph

url: https://www.tpa-group.at/
title: Startseite
locale: de_DE
site name: TPA Steuerberatung
description: Steuerberatung, Buchhaltung, Jahresabschluss, Personalverrechnung in Österreich: Wien, Graz, Innsbruck, St.Pölten, Krems, Klagenfurt, Villach.

Technology

Server: nginx
CMS: WordPress
jQuery: 3.7.1

Cookie consent

Cookiebot

Third-party hosts loaded (4)

unpkg.com×2
consent.cookiebot.com×1
gmpg.org×1
www.google.com×1

Social

Contact

Email

Phone

DNS records live

NS

ns1.its-tpa.com
ns2.its-tpa.com
ns4.its-tpa.com
rz2-ns3.its-tpa.com

MX

10 pmg01.its-tpa.com
10 pmg02.its-tpa.com

TXT

8e02cefa43a0472cb8dce59c3951f7e2
f97a9a2979644a61927ee0313a1ffff2
m2eYSkIbnCpo8sE0pW9uUeVincjps5w0UyRnXf9kl99yO+EMfB8DMmVmFLzsIKIVRlchMYdsyvAtE2N46aO28w==

Verified for

Apple
Cisco
Google
Microsoft 365

Email authentication partial

SPF: v=spf1 mx include:its-tpa.com include:spf1.eyepinnews.com include:spf2.eyepinnews.com include:spf3.eyepinnews.com -all
strict (-all)
DMARC: v=DMARC1; p=none; rua=mailto:postmaster@tpa-group.at; ruf=mailto:postmaster@tpa-group.at;
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

ZeroSSL ECC DV SSL CA 2

from 2026-04-15 to 2026-07-15

Expires in 44 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://www.tpa-group.at/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles

Header values

referrer-policy: no-referrer-when-downgrade, origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=(), accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*
x-content-type-options: nosniff
content-security-policy: default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self';
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: : same-site