whistleblower.dk
HTML metadata
Technology
Third-party hosts loaded (1)
- media.videotool.dk×1
DNS records live
- NS
-
- ns6.sitnet.dk
- ns7.sitnet.dk
Email authentication no MX
- SPF
-
v=spf1 -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; sp=reject; rua=mailto:tcod1eh2@ag.eu.dmarcadvisor.com;policy: reject (enforced) · sp=reject - DKIM
-
Show 12 DKIM selectors
- default:
v=DKIM1; p= - google:
v=DKIM1; p= - selector1:
v=DKIM1; p= - selector2:
v=DKIM1; p= - k1:
v=DKIM1; p= - k2:
v=DKIM1; p= - mail:
v=DKIM1; p= - dkim:
v=DKIM1; p= - s1:
v=DKIM1; p= - s2:
v=DKIM1; p= - mxvault:
v=DKIM1; p= - smtpapi:
v=DKIM1; p=
selectors probed - default:
Certificate (current)
R12
Expires in 66 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin- x-frame-options
SAMEORIGIN- permissions-policy
fullscreen=(*), accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()- x-content-type-options
NOSNIFF- content-security-policy
default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://* data: blob:; frame-src 'self' https://*; img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob:;frame-ancestors 'self';- strict-transport-security
max-age=31536000;