vastervikexpress.se
vastervikexpress.se
HTML metadata
Technology
- Server
- nginx
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (5)
- static.saveacdn.se×10
- public.saveacdn.se×2
- savea.objects.dc-fbg1.glesys.net×2
- js-de.sentry-cdn.com×1
- www.googletagmanager.com×1
Social
Contact
- Phone
DNS records live
- NS
-
- jimmy.ns.cloudflare.com
- magdalena.ns.cloudflare.com
- MX
-
- 10 vastervikexpress-se.mail.protection.outlook.com
- TXT
-
v=spf1include:spf.protection.outlook.cominclude:spf.savea.se-all
- Verified for
-
- Microsoft 365
Email authentication weak
- SPF
-
v=spf1include:spf.protection.outlook.cominclude:spf.savea.se-allmissing all - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 68 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
strict-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self'; img-src * data: https://*.google-analytics.com/ https://*.googletagmanager.com https://googleads.g.doubleclick.net/ https://www.google.com https://google.com; media-src *; frame-src *; style-src * 'unsafe-inline'; font-src *; script-src https://static.saveacdn.se/ https://savea.objects.dc-fbg1.glesys.net/ 'unsafe-inline' https://browser.sentry-cdn.com https://js-de.sentry-cdn.com https://*.googletagmanager.com/ https://www.googleadservices.com/ https://www.google.com/ https://maps.googleapis.com/ https://*.facebook.net/ https://facebook.net/ https://*.facebook.com/ https://facebook.com/; connect-src 'self' *.sentry.io https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ https://maps.googleapis.com/- strict-transport-security
max-age=31536000
Links to (3)
- savea.se×1
- google.com×1
- facebook.com×1