vinarstvivolarik.cz

HTML metadata

Title: Wine is our life | Winery Volařík
Language: en

Technology

Server: nginx
CMS: Gatsby
Stack: Django

Analytics

Google Tag Manager

Third-party hosts loaded (3)

scontent-waw2-2.xx.fbcdn.net×4
external-waw2-1.xx.fbcdn.net×1
www.googletagmanager.com×1

Social

Contact

Email

Phone

+420519513553

Address

Vinařství Volařík a. s.K Vápence 1811/2a692 01 MikulovIČ 25817167DIČ CZ25817167

Registration

Registrar

REG-WEDOS

Created

2008-01-17

Expires

2027-01-16 227 days left

Updated

2017-08-29

Name servers

ns1.websupport.sk
ns2.websupport.sk
ns3.websupport.sk

DNS records live

NS

ns1.websupport.sk
ns2.websupport.sk
ns3.websupport.sk

MX

10 mx10.websupport.sk
100 mx20.websupport.sk

TXT

spf2.0/pra a mx include:_sid.m1.websupport.sk ?all

Email authentication partial

SPF

v=spf1 a mx include:_spf.m1.websupport.sk include:spf.contimex.cz include:spf.mailkit.eu -all

strict (-all)

DMARC

v=DMARC1; p=none; rua=mailto:dmarc-rua@mailkit.com;

policy: none (monitoring only)

DKIM

mail: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZ8UoOK7h5QIdnwDS98+REqmmokqNE5ryYnNZHe6ZmyR8G6A8ZKtKa3zm9i5ykMnKt2adtpFNv47HQ…

selectors probed

Certificate (current)

ZeroSSL RSA DV SSL CA 2

from 2026-05-27 to 2026-08-26

Expires in 84 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.vinarstvivolarik.cz/en/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: same-origin
x-frame-options: DENY
permissions-policy: accelerometer=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), usb=()
x-content-type-options: nosniff
content-security-policy: font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com *.g.doubleclick.net c.seznam.cz *.cookiehub.net *.cookiehub.eu *.google-analytics.com *.smartsuppchat.com *.smartsuppcdn.com *.hotjar.com *.facebook.net *.smartlook.com; frame-src www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cookiehub.net *.smartsuppcdn.com *.cookiehub.eu; default-src 'self' www.google.com/recaptcha/ www.googletagmanager.com www.youtube.com/embed/ *.doubleclick.net; img-src 'self' data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlesyndication.com *.g.doubleclick.net *.google.com *.google.cz c.seznam.cz *.doubleclick.net *.facebook.com *.mapbox.com *.fbcdn.net; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlesyndication.com *.g.doubleclick.net *.google.com *.google.cz *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy: same-origin; report-to="default"
cross-origin-embedder-policy: unsafe-none; report-to="default"
cross-origin-resource-policy: same-origin