volkswagen.no
volkswagen.no
HTML metadata
Technology
- CMS
- Gatsby
Third-party hosts loaded (4)
- assets.volkswagen.com×4
- feature-services.vwonehub.io×1
- smartsignals2.smart-digital-solutions.de×1
- vw-tam.lighthouselabs.eu×1
DNS records live
- NS
-
- dina.ns.cloudflare.com
- igor.ns.cloudflare.com
- MX
-
- 10 volkswagen-no.mail.protection.outlook.com
- TXT
-
_09sa835izsfnk5we6axaqra1u2rz3lq
- Verified for
-
- Meta
- Microsoft 365
Email authentication strong
- SPF
-
v=spf1 include:spf.protection.outlook.com ip4:98.128.231.195 -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; sp=reject; rua=mailto:69683fbbc0bc4b5687ceec1026ebb726@dmarc-reports.cloudflare.net; pct=100; ri=86400policy: reject (enforced) · sp=reject - DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7eeAS0JdmYo4TniTAOhJ3vV9r0jR1sq1XiSm/OyGD+hC15GXR1TorBEVzAOOIIM++MQ9/f3peKeg37…
selectors probed - selector1:
Certificate (current)
Amazon RSA 2048 M04
Expires in 75 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
DENY- x-content-type-options
nosniff- content-security-policy
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src * data: blob: ; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; worker-src * blob:;- strict-transport-security
max-age=31536000