aags.ch

HTML metadata

Technology

Server

Apache

jQuery

2.2.0 known XSS (<3.5)

Analytics

• Google Tag Manager

Fonts

• Font Awesome

Third-party hosts loaded (5)

• ajax.googleapis.com×1
• cdnjs.cloudflare.com×1
• fast.fonts.net×1
• use.fontawesome.com×1
• www.googletagmanager.com×1

Contact

Phone

• 041 817 75 00

DNS records live

NS

• dnsmgr1.tophost.ch
• dnsmgr2.tophost.ch

MX

• 10 sr56.firestorm.ch

TXT

• swisssign-check=372aiWT4zjB6Cuk4XJbSE8x2sys

Verified for

• Apple
• Microsoft 365

Email authentication weak

SPF

v=spf1 +a +mx +ip4:46.232.179.243 ip4:5.148.188.19 ip4:5.148.183.72 ip4:5.148.183.98 include:relay.mailchannels.net include:agenturserver.de include:sr56.firestorm.ch include:smtp78.firestorm.ch ~all

softfail (~all)

DMARC

not published

DKIM

• default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy6qWyPjvPHc30zWaxflxSvmTq+nsjHZAFNmTCTDTSvFxahthhZvwEl7fsqbNRHs4FXz5C/oc1dc+Zw…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.aags.ch/

present

• x-content-type-options

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing Referrer Policy
• missing Permissions Policy

Links to (2)

• tvsz.ch×1
• sicherheitskampagne-oev.ch×1

Linked from (4)

• tvsz.ch×1
• bus-voraus.ch×1
• tarifverbund-zug.ch×1
• passepartout.ch×1