wonniland.de

HTML metadata

Title: WONNILAND – dein Indoor Spieleparadies
Description: Willkommen im WONNILAND! Hier findest du eine Übersicht aller derzeitigen Indoor-Spieleparadise. Wähle deinen Standort ...
Language: de
Generator: HubSpot
Canonical: https://www.wonniland.de/

Technology

Server: Apache
CMS: WordPress

Registration

Updated

2026-02-26

Name servers

dns1.schwingedns.de.
dns2.schwingedns.de.
dns3.schwingedns.de.
dns4.schwingedns.de.

DNS records live

NS

dns1.schwingedns.de
dns2.schwingedns.de
dns3.schwingedns.de
dns4.schwingedns.de

MX

0 wonniland-de.mail.protection.outlook.com

TXT

MS=ms11272570

Email authentication weak

SPF

v=spf1 include:spf.protection.outlook.com -all

strict (-all)

DMARC

not published

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/c4dwqwtmwORblaQ8Lz0MC7e8FCUBWN36FZLWJclv5EK44JyvkjkGAoTIM0G0BmSuTShUitIGOONR…
selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqe5+aaPWFGLAxW6y9zIzrnwrmhHTjmnNyJ+tZ9aykFt6Fnx3qPMzD3/9djyG8dZ/Ft0Zf0kIM+tUJ…

selectors probed

Certificate (current)

E7

from 2026-04-16 to 2026-07-15

Expires in 56 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.wonniland.de/

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
permissions-policy: accelerometer=(self), autoplay=(self), camera=(self), cross-origin-isolated=(), display-capture=(self), document-domain=*, encrypted-media=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), payment=(self), picture-in-picture=*, publickey-credentials-get=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self "https://www.wonniland.de"), usb=(self), xr-spatial-tracking=(self)
x-content-type-options: nosniff
content-security-policy: base-uri 'self'; child-src 'self' blob: https:; connect-src 'self' *.cloudflare.com *.googleapis.com *.ipify.org wss:; default-src 'self' https: data: *.wonniland.de; font-src 'self' fonts.gstatic.com data: https:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' avada.com *.youtube.com *.youtube-nocookie.com player.vimeo.com; media-src 'self' https: data: *.wonniland.de; object-src 'none'; img-src 'self' blob: data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com/jsapi *.gstatic.com *.wonniland.de player.vimeo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com;
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: base-uri 'self'; child-src 'self' blob: https:; connect-src 'self' *.cloudflare.com *.googleapis.com *.ipify.org wss:; default-src 'self' https: data: *.wonniland.de; font-src 'self' fonts.gstatic.com data: https:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' avada.com *.youtube.com *.youtube-nocookie.com player.vimeo.com; img-src 'self' blob: data: https:; media-src 'self' https: data: *.wonniland.de; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com/jsapi *.gstatic.com *.wonniland.de player.vimeo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; report-uri /csp-report.php?csp=1&log=3&ver=1.0.2; report-to csp-report;

Links to (1)

wonnemar.de×2

Linked from (2)

wonnemar.de×2
sonthofen.de×1