weinhaus.ch
weinhaus.ch
HTML metadata
Technology
- CDN
- Cloudflare
- CMS
- Shopify
- Fonts
-
- Google Fonts
Third-party hosts loaded (4)
- cdn.shopify.com×51
- fonts.googleapis.com×2
- fonts.gstatic.com×1
- shop.app×1
Social
Contact
DNS records live
- NS
-
- ns.hostpoint.ch
- ns2.hostpoint.ch
- ns3.hostpoint.ch
- MX
-
- 1 aspmx.l.google.com
- 10 alt3.aspmx.l.google.com
- 10 alt4.aspmx.l.google.com
- 5 alt1.aspmx.l.google.com
- 5 alt2.aspmx.l.google.com
- Verified for
-
Email authentication partial
- SPF
-
v=spf1 include:_spf.google.com ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=none;policy: none (monitoring only) - DKIM
-
- s1:
k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXx9XTQyKo/kuX+e63G6wdSf918l4S7h2K/1WKItqR6xa1YUuo4iw9z69pXfcLLLxXQUvxdgVWPWtQfXic… - s2:
k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrBR937hqmNsp1W8zBLF9WY+if1Nr+e2LufVdx2GTSXJqwxyytKzT33qGx6ewUZjBCFfldYtlmaD96f4py…
selectors probed - s1:
Certificate (current)
E7
Expires in 52 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- missing frame protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-content-type-options
nosniff- content-security-policy
base-uri 'self'; default-src 'self' https://cdn.shopify.com https://shopify.com 'nonce-29bb3ca91bcc95f96d42fb77cdf59eda'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https://cdn.shopify.com https://fonts.googleapis.com https://unpkg.com 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src 'self' https://cdn.shopify.com/ https://monorail-edge.shopifysvc.com https://shop.weinhaus.ch https://wein-haus-eidmatt.myshopify.com; font-src 'self' https://fonts.gstatic.com data:- strict-transport-security
max-age=31536000