werthers-original.de

HTML metadata

Title

Werther's Original – köstlicher Karamell-Genuss

Description

Willkommen bei Werther’s Original! Ob karamellige Sahnebonbons, Caramel Popcorn oder weiche Toffees: jetzt die Karamell-Vielfalt entdecken. Zur Website

Language

de-DE

Generator

TYPO3 CMS

Canonical

https://www.werthers-original.de/de/uebersicht

Translations

en ×3
fr ×2
es
nl
pl

Open Graph

url: https://www.werthers-original.de/de/uebersicht
title: Werther's Original
description: Die köstliche Vielfalt von Werther’s Original entdecken!

Technology

Third-party hosts loaded (10)

static.storck.com×15
www.werthers-original.ca×2
logfiles.storck.com×1
www.werthers-original.co.uk×1
www.werthers-original.com.live.sto.adacor.net×1
www.werthers-original.es×1
www.werthers-original.fr×1
www.werthers-original.nl×1
www.werthers-original.pl×1
www.werthers-original.us×1

Registration

Updated

2025-11-03

Name servers

ns5.adacor.net.
ns.europe.adacor.net.
ns.global.adacor.net.

DNS records live

NS

ns.europe.adacor.net
ns.global.adacor.net
ns5.adacor.net

MX

10 werthersoriginal-de02b.mail.protection.outlook.com

TXT

QuoVadis=733455b5-f1f5-4634-8a07-3fed132c0cdd

Verified for

Google
Meta
Microsoft 365

Email authentication strong

SPF

v=spf1 mx include:spf.protection.outlook.com ~all

softfail (~all)

DMARC

v=DMARC1;p=reject;pct=100;rua=mailto:dmarc-reporting@storck.com

policy: reject (enforced)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgoTMe9d6fXowHXYKCBFgR3Zoanh2Fr0tgOzsVXE4RPtb4yD4fRs9faGa3Kl8r9nl7YKYrB4aCLQmL…

selectors probed

Certificate (current)

R13

from 2026-05-03 to 2026-08-01

Expires in 61 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.werthers-original.de/de/uebersicht

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: sameorigin
x-content-type-options: nosniff
content-security-policy: base-uri 'self'; default-src 'self' data: *.storck.com storck.piwik.pro *.amazonaws.com; script-src 'self' 'nonce-O_uEBf7hd0OvKeAEh9N-Rlm5uIpLFq2JJ71-XBPr709DqXIPPol0JA' blob: data: *.storck.com storck.piwik.pro *.mikmak.tv *.mapbox.com tags.srv.stackadapt.com s3.us-west-2.amazonaws.com click2cart.com *.click2cart.com maps.googleapis.com; img-src 'self' blob: data: *.storck.com storck.piwik.pro *.mikmak.tv ad.doubleclick.net adservice.google.com adservice.google.de cdn.filestackcontent.com *.amazonaws.com *.albertsons-media.com adservice.google.us assets.mikmak.workers.dev click2cart.com *.click2cart.com maps.gstatic.com maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com *.mikmak.tv tags.srv.stackadapt.com *.mapbox.com click2cart.com *.click2cart.com maxcdn.bootstrapcdn.com s3.us-west-2.amazonaws.com fonts.googleapis.com; connect-src 'self' data: *.storck.com storck.piwik.pro *.mikmak.tv *.mapbox.com tags.srv.stackadapt.com click2cart.com *.click2car
strict-transport-security: max-age=31536000; includeSubDomains; preload