wienmobil.at
HTML metadata
Technology
Third-party hosts loaded (1)
- cdn1.legalweb.io×3
DNS records live
- NS
-
- dns1.energy-it.net
- dns2.energy-it.net
- MX
-
- 5 wienmobil-at.mail.protection.outlook.com
- TXT
-
XmSqWNX/6JW3r2oKd80WoCjl3FVraRH1hiw2lN7l1Gw2lnqJxzGN3meF02MGHFczC1qSeRmXGd0uljGnAk3DAA==
- Verified for
-
- Microsoft 365
Email authentication strong
- SPF
-
v=spf1 mx include:spf.wienit.at include:_spf.salesforce.com ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:dmarc@wienit.at; ruf=mailto:dmarc@wienit.at; rf=afrf; pct=100; ri=86400; fo=1policy: quarantine · sp=quarantine - DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApW5slLv4oFpDDg8UXQZjfrrVtPeOhyrE2Zau6woEKdGJ+OQpF2sMRHL0sHEAy9mu12Av18wHh/icl4…
selectors probed - selector1:
Certificate (current)
EUNETIC RSA Domain Validation Secure Server CA 3
Expires in 52 days
HTTP security headers
- present
-
- content-security-policy
- findings
-
- missing HSTS
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing content type protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- content-security-policy
default-src 'self'; font-src 'self' fonts.gstatic.com; connect-src 'self' maps.googleapis.com *.google-analytics.com https://mapsneu.wien.gv.at; script-src 'self' *.legalweb.io 'unsafe-inline' maps.googleapis.com www.googletagmanager.com; worker-src 'self' blob:; style-src 'self' *.legalweb.io 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.googleapis.com *.wienerlinien.at data: maps.gstatic.com www.googletagmanager.com *.blob.core.windows.net https://mapsneu.wien.gv.at; frame-src 'self' *.youtube.com *.vimeo.com; media-src 'self' *.wienerlinien.at