transportgzm.pl
HTML metadata
Technology
- Server
- nginx
- CMS
- Gatsby
- Fonts
-
- Google Fonts
Third-party hosts loaded (2)
- fonts.googleapis.com×2
- fonts.gstatic.com×1
DNS records live
- NS
-
- dns.home.pl
- dns2.home.pl
- dns3.home.pl
- MX
-
- 10 mx-1.dpoczta.pl
- 10 mx-2.dpoczta.pl
- TXT
-
mojecertpl-site-verification-gtfNGPJwGIgEn4lsTii6oejfHRAwek0O
- Verified for
-
- Microsoft 365
Email authentication strong
- SPF
-
v=spf1 include:_mail.dhosting.pl -allstrict (-all) - DMARC
-
v=DMARC1; p=quarantine; rua=mailto:dmarc@transportgzm.plpolicy: quarantine - DKIM
- no key found at common selectors
Certificate (current)
Certum Organization Validation CA SHA2
Expires in 48 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-embedder-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
same-origin- x-frame-options
DENY- permissions-policy
geolocation=(self "https://transportgzm.pl" "https://*.transportgzm.pl")- x-content-type-options
nosniff- content-security-policy
default-src 'unsafe-inline' 'unsafe-eval' *.tile.openstreetmap.org www.googletagmanager.com *.youtube.com youtube.com *.google-analytics.com fonts.gstatic.com fonts.googleapis.com transportgzm.pl account.transportgzm.pl webchat.transportgzm.pl data:- strict-transport-security
max-age=31536000; includeSubDomains- cross-origin-opener-policy
same-origin, same-origin- cross-origin-embedder-policy
unsafe-none- cross-origin-resource-policy
cross-origin
Links to (2)
- google.com×1
- apple.com×1