as3.fi
HTML metadata
Technology
- CMS
- Gatsby
- jQuery
- 2.1.1 known XSS (<3.5)
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (4)
- ajax.googleapis.com×2
- ajax.aspnetcdn.com×1
- js.hs-scripts.com×1
- www.googletagmanager.com×1
Social
Contact
- Phone
Registration
- Created
- 2003-10-06
- Name servers
-
- ns3.eurodns.com [ok]
- ns2.eurodns.com [ok]
- ns1.eurodns.com [ok]
- ns4.eurodns.com [ok]
DNS records live
- NS
-
- ns1.eurodns.com
- ns2.eurodns.com
- ns3.eurodns.com
- ns4.eurodns.com
- MX
-
- 10 dk.mx1.mailanyone.net
- 20 dk.mx2.mx25.net
- 30 dk.mx3.mailanyone.net
- 40 dk.mx4.mx25.net
- TXT
-
prod-websites.azurewebsites.net
- Verified for
-
- Atlassian
- Microsoft 365
Email authentication strong
- SPF
-
v=spf1 include:_spf17580.spfprotect.com -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; rua=mailto:6486ff7d2f2a7@dmarc.centerasecurity.com;policy: reject (enforced) - DKIM
-
- k2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed - k2:
Certificate (current)
Sectigo Public Server Authentication CA OV R36
Expires in 180 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
same-origin- x-frame-options
sameorigin- x-content-type-options
nosniff- content-security-policy
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'- strict-transport-security
max-age=31536000
Links to (10)
- unglobalcompact.org×1
- sharepoint.com×1
- lvlp.io×1
- linkedin.com×1
- hansel.fi×1
- facebook.com×1
- as3companies.com×1
- as3.se×1
- as3.no×1
- as3.dk×1