ao.dk

Technology

Server

Microsoft-IIS

Stack

ASP.NET

Third-party hosts loaded (1)

• ao-cdn-gmaqdwhff0gagthr.a03.azurefd.net×2

DNS records live

NS

• kiki.ns.cloudflare.com
• mitch.ns.cloudflare.com

MX

• 0 ao-dk.mail.protection.outlook.com

TXT

Show 8 TXT records

• exRyI+OWH/Qd9oJmXci29HVMVf+PLzf1IA7JHSwOJl4=
• have-i-been-pwned-verification=4dabddcc4b547630b2f17395e3d0c2c2
• make-domain-verification=fd984a45-38d6-44c5-b66d-10fbc669a0bc
• pIHsfjExHxnBke0qI7JrqZXFjA983nfNbAvEmC4ulf/IG0f57zUXCGyTRe6PaqMtE1MCc8eIlIvOIpUXq26f4g==
• ubivox-site-verification=gW8RX29TdYWWjcRqxKutbeL1N
• _qaesvu337vdaln77aiegak0wachbjny
• barco-verification=7febdd83-9e45-55d4-b232-bf06bcbf809f
• bw=Ndtdl6eKKGzIuqGm2REy0kEc//rCZ9w45otItcUoJXZb

Verified for

• Apple
• Atlassian
• Microsoft 365
• OpenAI
• TeamViewer

Email authentication strong

SPF

v=spf1 include:_u.ao.dk._spf.smart.ondmarc.com ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; pct=100; sp=reject; rua=mailto:998a73ca@inbox.ondmarc.com; ruf=mailto:998a73ca@inbox.ondmarc.com; adkim=r; aspf=r; fo=0; rf=afrf; ri=3600

policy: reject (enforced) · sp=reject

DKIM

• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qEBzk6DeTq60jsyxHdslv0/aaPXZ7hqIce/5F/athsCimo9P8mNvfrEbDEA2kdtXwR7ZWaNYQvDWD…
• selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSCaQo7KSV0Fs2cmjy12mxMgrl8vjfJFyGBAAsrbAp8OAkinym7Bbk9TKr46HbsLhaVTFc/LI7YWFN…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://ao.dk/

present

• strict-transport-security
• content-security-policy
• x-content-type-options

findings

• CSP uses wildcard sources
• missing frame protection
• missing Referrer Policy
• missing Permissions Policy

Linked from (2)

• ubivox.dk×1
• anmeld-haandvaerker.dk×1