indexo.dev

grüüün.de

.de crawl

First seen 2026-04-28 · Last seen 2026-05-19 · ok HTTP/1.1 200 1344 ms crawled 2026-05-07

DE · 78.47.8.142 · AS24940 Hetzner Online GmbH

Reputation 87/100 weak security headers no dmarc policy

Classifying

HTML metadata

Title
100 % Ökostrom mit 18 % Rabatt & 10 Jahren Preisgarantie - grüüün
Description
grüüün bietet Dir ★ 100 % grünen Strom aus Deutschland mit 10 Jahren Preisgarantie ✓ nachhaltig ✓ fair ✓ ohne Zwischenhändler ► Jetzt zum Stromfürsorger wechseln!
Language
de
Generator
WordPress 6.9.4
Canonical
https://xn--grn-ioaaa.de/

Open Graph

url
https://xn--grn-ioaaa.de/
title
100 % Ökostrom mit 18 % Rabatt & 10 Jahren Preisgarantie - grüüün
locale
de_DE
site name
grüüün
description
grüüün bietet Dir ★ 100 % grünen Strom aus Deutschland mit 10 Jahren Preisgarantie ✓ nachhaltig ✓ fair ✓ ohne Zwischenhändler ► Jetzt zum Stromfürsorger wechseln!

Technology

Server
Apache
CMS
WordPress
Analytics
  • Google Tag Manager

Third-party hosts loaded (5)

  • analytics.ahrefs.com×1
  • app.varify.io×1
  • cdn.consentmanager.net×1
  • cdn.evuchatbot.de×1
  • www.googletagmanager.com×1

Social

Registration

Updated
2026-02-12
Name servers
  • helium.ns.hetzner.de.
  • hydrogen.ns.hetzner.com.
  • oxygen.ns.hetzner.com.

DNS records live

NS
  • helium.ns.hetzner.de
  • hydrogen.ns.hetzner.com
  • oxygen.ns.hetzner.com
MX
  • 10 mx01.hornetsecurity.com
  • 20 mx02.hornetsecurity.com
  • 30 mx04.hornetsecurity.com
  • 40 mx04.hornetsecurity.com
TXT
  • trustpilot-one-time-verification-id=61e9dd47-7fa3-42ea-9f66-92f05b51b961
  • 202408190705191cwrqu8hvht6kxm10rsfl9u0rtwyupggcelyabk9t2bekbpltg
Verified for
  • Google
  • Microsoft 365

Email authentication partial

SPF
v=spf1 include:_spf.hetzner.com include:spf.protection.outlook.com include:spf.hornetsecurity.com include:spf.exclaimer.net -all
strict (-all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

R12
from 2026-03-02 to 2026-05-31
Expires in 11 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://xn--grn-ioaaa.de/

present
  • content-security-policy
  • referrer-policy
  • cross-origin-opener-policy
  • cross-origin-embedder-policy
  • cross-origin-resource-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy
upgrade-insecure-requests;frame-ancestors 'self' https://*.google.com https://www.google-analytics.com https://*.evuchatbot.de https://*.varify.io https://*.matomo.cloud https://*.grueueuen.matomo.cloud https://*.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.varify.io https://editor.varify.io https://bat.bing.net https://cdn.equalweb.com https://access.equalweb.com https://www.facebook.com https://www.google.de https://googleads.g.doubleclick.net https://www.googleadservices.com https://adservice.google.com https://td.doubleclick.net https://15048985.fls.doubleclick.net https://ad.doubleclick.net https://consent.cookiebot.com https://www.google-analytics.com https://*.evuchatbot.de https://app.varify.io https://bat.bing.com https://*.matomo.cloud https://*.grueueuen.matomo.cloud https://*.googletagmanager.com https://*.consentmanager.net https://*.hotjar.com https://*.clarity.ms https://www.google.com https://www.gstatic.com https://*.amazonaws.com ht
cross-origin-opener-policy
unsafe-none, unsafe-none
cross-origin-embedder-policy
unsafe-none; report-to='default', unsafe-none; report-to='default'
cross-origin-resource-policy
cross-origin, cross-origin

Links to (4)

Linked from (1)