umweltfoerderung.at

.at crawl

First seen 2026-05-19 · Last seen 2026-05-31 · ok HTTP/1.1 200 1296 ms crawled 2026-05-27

AT · 5.254.187.132 · AS199205 Huemer Data Center GmbH

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: Umweltförderung | Umweltförderung
Language: de-AT
Generator: TYPO3 CMS
Canonical: https://www.umweltfoerderung.at/

Technology

Server: nginx

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

DNS records live

NS

ns1.world4you.at
ns2.world4you.at

MX

0 umweltfoerderung-at.mail.protection.outlook.com

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com include:_spf.kommunalkredit.at -all

strict (-all)

DMARC

v=DMARC1; p=none; pct=100; rua=mailto:dmarc@kommunalkredit.at; ruf=mailto:dmarc@kommunalkredit.at; aspf=r; adkim=r

policy: none (monitoring only)

DKIM

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCged08XQRzC/hZZdRRCfhexDMdKlefKxO57y/piCMH291Q1loU8tEXA0elEOqrihsBU6O5r/I949VNIJxRy…
selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4p5XUa50jhCiDeyRoYzC/RVp2gGAKL/SyfJs3NLG5WhVfV0kwJebL7oGxgWUuOxuhiUU+1SwW0Z/+sByDH0…

selectors probed

Certificate (current)

from 2026-04-18 to 2026-07-17

Expires in 47 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.umweltfoerderung.at/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: no-referrer-when-downgrade
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' *.onlim.com; img-src 'self' data: https: *.onlim.com maps.gstatic.com *.googleapis.com *.ytimg.com *.addthis.com *.cookiebot.com; frame-src 'self' *.onlim.com *.youtube-nocookie.com *.cookiebot.com *.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' *.onlim.com *.googletagmanager.com *.cookiebot.com *.addthis.com *.moatads.com *.addthisedge.com matomo.kommunalkredit.at *.n8nchatui.com *.list-manage.com blob:; font-src 'self' data: https: *.addthis.com; connect-src 'self' wss: *.onlim.com *.screencode.at *.ddev.site *.plyr.io *.cookiebot.com *.addthis.com matomo.kommunalkredit.at; frame-ancestors 'self' matomo.kommunalkredit.at;
strict-transport-security: max-age=31536000; includeSubDomains