xenakis.pl
xenakis.pl
HTML metadata
Technology
- Server
- Apache
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
Third-party hosts loaded (3)
- fonts.googleapis.com×4
- fonts.gstatic.com×1
- www.googletagmanager.com×1
Social
Contact
DNS records live
- NS
-
- dns.home.pl
- dns2.home.pl
- dns3.home.pl
- MX
-
- 10 xenakis-pl.mail.protection.outlook.com
- Verified for
-
- Microsoft 365
Email authentication weak
- SPF
-
v=spf1 include:spf.protection.outlook.com ~allsoftfail (~all) - DMARC
- not published
- DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Fc7qb7nPCRdoZDOSZRUba2Yz+ARQa6h7rsGHU5/FWfsqQL5Gqr6v4ArRkdFugWTAJ1f21leJfgV1j… - selector2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5EkmTDks5UygahUKR4ah3Q/MTeqpfQLFLdWkyH/RHP2mQ2wGGSFm0nqvQs8joTwJ7QADawU8SZHLNl…
selectors probed - selector1:
Certificate (current)
E8
Expires in 70 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
sameorigin- x-content-type-options
nosniff- content-security-policy
font-src *.gstatic.com *.typekit.net 'self' data:; script-src *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.google.pl *.typekit.net *.facebook.com *.facebook.net *.livechatinc.com *.3destate.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com *.typekit.net 'self' 'unsafe-inline'; frame-src *.onebutton.pl *.vimeo.com *.youtube.com *.google.com *.googletagmanager.com *.doubleclick.net *.3destate.pl 'self'; object-src 'self'; upgrade-insecure-requests- strict-transport-security
max-age=15552000; preload