indexo.dev

wbw.ch

.ch crawl

First seen 2026-05-19 · Last seen 2026-05-31 · ok HTTP/1.1 200 6661 ms crawled 2026-05-29

CH · 217.26.51.176 · AS29097 Hostpoint AG

Reputation 81/100 weak security headers spf without fallback dmarc monitor-only

Classifying

HTML metadata

Title
werk, bauen+wohnen
Description
werk, bauen+wohnen presents topical and critical reports about Swiss architecture within the international context.
Language
en-GB
Generator
CMS CONTENIDO 4.10
Translations
  • de
  • en
  • fr

Technology

Server
Apache
jQuery
1.11.0 known XSS (<3.5)
Analytics
  • Google Tag Manager
Ads
  • Meta Pixel

Third-party hosts loaded (5)

  • cdnjs.cloudflare.com×4
  • api.tiun.live×2
  • connect.facebook.net×1
  • maxcdn.bootstrapcdn.com×1
  • www.googletagmanager.com×1

Social

Contact

Phone
Address
Verlag Werk AGBadenerstrasse 18, 8004 ZürichT +41 44 218 14 30info@wbw.ch

DNS records live

NS
  • ns.hostpoint.ch
  • ns2.hostpoint.ch
  • ns3.hostpoint.ch
MX
  • 10 mx1.mail.hostpoint.ch
  • 10 mx2.mail.hostpoint.ch

Email authentication weak

SPF
v=spf1 include:_spf.createsend.com redirect=spf.mail.hostpoint.ch
missing all
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
  • k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed

Certificate (current)

R13
from 2026-05-23 to 2026-08-21
Expires in 81 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://www.wbw.ch/en

present
  • content-security-policy-report-only
findings
  • missing HSTS
  • missing Content Security Policy
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.google.ch https://*.doubleclick.net https://*.facebook.net https://*.googleapis.com https://servedbyadbutler.com https://api-staging.tiun.live https://api.tiun.live http://cdnjs.cloudflare.com http://maxcdn.bootstrapcdn.com http://platform.twitter.com https://s3.amazonaws.com; style-src 'self' 'unsafe-inline' http://cdnjs.cloudflare.com http://maxcdn.bootstrapcdn.com https://api-staging.tiun.live https://api.tiun.live http://fast.fonts.net https://fonts.googleapis.com https://cdn-images.mailchimp.com; img-src 'self' data: https://servedbyadbutler.com https://www.google.com https://www.google.ch https://www.google.co.th https://www.google.co.in https://*.googletagmanager.com https://www.googleadservices.com https://maps.googleapis.com https://maps.gstatic.com https://assets.tiun.dev https://cdn-images.mailchimp.com https://w

Links to (3)

Linked from (8)