30cc.be

HTML metadata

Technology

Server

nginx

jQuery

1.11.3 known XSS (<3.5)

Analytics

• Google Tag Manager

Third-party hosts loaded (3)

• cdn.jsdelivr.net×1
• www.googletagmanager.com×1
• www.instagram.com×1

Social

• facebook
• instagram
• youtube

DNS records live

NS

• ns1.cloud.telenet.be
• ns2.cloud.telenet.be
• ns3.cloud.telenet.be

MX

• 10 smtp1.leuven.be

TXT

• domain-verification:b322911f4c3ba5f334f178c33db86e03d8c5a26c MS=ms81966096

Email authentication strong

SPF

v=spf1 ip4:193.191.179.11 include:prezlymail.com include:servers.mcsv.net include:spf.wearehostingyou.com include:spf.mandrillapp.com include:_spf.exonet.nl include:spf.protection.outlook.com include:_spf.spotler.email -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:dmarc_agg@vali.email;

policy: reject (enforced)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEFqbG3exj3tIFfckeOmCdJXzqZhBjr6sbqD+S67P+Bx9yWvkredgt9UfF04A+4jfKWjeVA+8/VDVkYVbAkH…
• k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
• smtpapi: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://www.30cc.be/nl

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (9)

• youtube.com×1
• vlaanderen.be×1
• ticketmatic.com×1
• stellaartois.com×1
• lov2030.be×1
• leuven.be×1
• instagram.com×1
• facebook.com×1
• dezondag.be×1

Linked from (2)

• pieterjanginckels.be×1
• anoctetemporis.org×1