zss.ch
zss.ch
HTML metadata
Technology
- Server
- LiteSpeed
- CMS
- Joomla
- PHP
- 8.3.31 security-only
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (1)
- www.googletagmanager.com×1
Contact
- Phone
DNS records live
- NS
-
- dns1.neotrend.ch
- dns2.neotrend.ch
- MX
-
- 10 mx01.tophost.ch
- 10 mx02.tophost.ch
Email authentication weak
- SPF
-
v=spf1 +a +mx +ip4:46.232.179.183 +ip4:46.232.179.182 +include:relay.mailchannels.net ~allsoftfail (~all) - DMARC
- not published
- DKIM
-
- default:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0uZbv3XIH82pAFQK/drMJ9y+ZvE/YvveAb/ussnXKGvJ21CNYtQbEgOc6jDHHJTS3ID3yRuHo34PAK…
selectors probed - default:
Certificate (current)
R12
Expires in 34 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- content-security-policy-report-only
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- permissions-policy
geolocation=(self)- x-content-type-options
nosniff- content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://hcaptcha.com https://*.yumpu.com/ https://*.hcaptcha.com https://*.youtube.com https://*.youtube-nocookie.com https://*.openstreetmap.org https://*.googletagmanager.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com; frame-ancestors 'self'- strict-transport-security
max-age=31536000- cross-origin-opener-policy
same-origin- content-security-policy-report-only
frame-ancestors 'self'