tuulo.de

HTML metadata

Title

Tuulo: Fenster, Türen und Fensterbänke planen & bestellen

Description

Ob als Fensterbauer oder Handelspartner. Mit tuulo kannst Du, Türen und Fensterbänke extrem schnell planen und bestellen. Einfach in Deinem Browserfenster.

Language

de

Generator

All in One SEO (AIOSEO) 4.9.7.1

Canonical

https://www.tuulo.de/

Translations

de
en

Open Graph

url: https://www.tuulo.de/
title: Tuulo: Fenster, Türen und Fensterbänke planen & bestellen
locale: de_DE
site name: Tuulo - Das beste digitale Werkzeug für jeden Fensterbauer
description: Ob als Fensterbauer oder Handelspartner. Mit tuulo kannst Du, Türen und Fensterbänke extrem schnell planen und bestellen. Einfach in Deinem Browserfenster.

Technology

Server: Apache
CMS: WordPress

Third-party hosts loaded (1)

widget.trustpilot.com×1

Social

Registration

Updated

2022-05-02

Name servers

ns1.your-server.de.
ns3.second-ns.de.
ns.second-ns.com.

DNS records live

NS

ns.second-ns.com
ns1.your-server.de
ns3.second-ns.de

MX

10 mail.tuulo.de

Email authentication strong

SPF: v=spf1 a mx -all
strict (-all)
DMARC: v=DMARC1;p=quarantine;sp=quarantine;pct=100;adkim=r;aspf=r;
policy: quarantine · sp=quarantine
DKIM: no key found at common selectors

Certificate (current)

Thawte TLS RSA CA G1

from 2025-12-04 to 2027-01-05

Expires in 230 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.tuulo.de/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
weak content type protection

Header values

referrer-policy: strict-origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN, SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), xr-spatial-tracking=(), gamepad=(), serial=(), accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), xr-spatial-tracking=(), gamepad=(), serial=()
x-content-type-options: nosniff, nosniff
content-security-policy: upgrade-insecure-requests;, default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ams.wpml.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://ams.wpml.org; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://www.tuulo.de https://*.openstreetmap.org; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; frame-src 'self' blob: https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.primandis.de/ https://youtu.be/; connect-src 'self' https://ams.wpml.org https://nominatim.openstreetmap.org https://www.google-analytics.com https://region1.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net;
strict-transport-security: max-age=, max-age=63072000
cross-origin-opener-policy: unsafe-none, unsafe-none
cross-origin-embedder-policy: unsafe-none; report-to='default', unsafe-none; report-to='default'
cross-origin-resource-policy: cross-origin, cross-origin

Links to (8)

Linked from (1)

gutmann.de×2