alavus.fi

HTML metadata

Technology

jQuery

3.2.1 known XSS (<3.5)

Cookie consent

• Cookiebot

Fonts

• Font Awesome
• Google Fonts

Third-party hosts loaded (6)

• cdnjs.cloudflare.com×5
• code.jquery.com×2
• fonts.googleapis.com×2
• maxcdn.bootstrapcdn.com×2
• consent.cookiebot.com×1
• use.fontawesome.com×1

Social

• facebook
• instagram
• youtube

Contact

Phone

• (06) 2525 1000

DNS records live

NS

• ns1.alavus.fi
• ns2.alavus.fi

MX

• 0 alavus-fi.mail.protection.outlook.com

Email authentication strong

SPF

v=spf1 mx a include:spf1.alavus.fi include:spf2.alavus.fi ip4:185.85.55.160 a:mx01.alavus.fi ~all

softfail (~all)

DMARC

v=DMARC1; p=quarantine; sp=none; rua=mailto:it_alerts@alavus.fi,mailto:dmarc_agg@vali.email; ruf=mailto:it_alerts@alavus.fi; rf=afrf; pct=100; ri=86400

policy: quarantine · sp=none

DKIM

• selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5Ht/dBhx1VzG2bb42VEY0GopH2CYTGPXCka//h898xv2tLVzWdgrvRq2gro9b7dK12BC0/9FSY09itKcH7F…
• selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmY1trYUjH4rgX62skJ4+Lzoeh69gazAQTI31wCCMiY/NC4YZYCk6LoCdsukkY7NJmagK1rjrgiic+Lf9Ko5…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.alavus.fi/

present

• strict-transport-security
• content-security-policy

findings

• CSP uses wildcard sources
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (7)

• youtube.com×1
• visitalavus.fi×1
• kympin.fi×1
• investinalavus.fi×1
• instagram.com×1
• facebook.com×1
• asio.fi×1

Linked from (2)

• onnenkauppa24.fi×1
• kuortanegames.com×1