bath.ac.uk

HTML metadata

Technology

Server

Apache

Analytics

• Google Tag Manager

Fonts

• Google Fonts

Social widgets

• Vimeo Embed

Third-party hosts loaded (6)

• live.staticflickr.com×16
• cdnjs.cloudflare.com×2
• player.vimeo.com×2
• code.jquery.com×1
• fonts.googleapis.com×1
• www.googletagmanager.com×1

Social

• instagram
• linkedin
• youtube
• facebook
• tiktok

DNS records live

NS

• ns1.bath.ac.uk
• ns2.bath.ac.uk
• ns2.ja.net

MX

• 10 bath-ac-uk.mail.protection.outlook.com

TXT

Show 10 TXT records

• rhino_accounts=b2fc5e060e6851c6779b478be468246e
• QuoVadis=6067ac6b-3891-4eef-ba00-3f6ea89300ff
• bb09bda1-ab2e-4d47-9756-60bb21e4efcd
• MS=ms77486723
• apple-domain-verification=iaIBuTJU6sKaYZ84
• QuoVadis=5f653617-77e3-4967-865c-8484da4df2d9
• google-site-verification=G0rLRTI7ZTpk0Z7-NWPRKXvlQko59uZapj5Ifa_tQlI
• jamf-site-verification=NVY5nyuRoa0kVdIWDm_qpw
• 30a8h33j7eredj6eb4tmfqkkt8
• 7BkM5ZegAkguxg8jD/qjscLV4GSVOhmxkNDT09Ic2eGDdDtkeWWPVPsk/0N/bgYT+QjHBDzVGPKIK5+beJAFvA==

Email authentication strong

SPF

v=spf1 ip4:138.38.1.48/28 ip4:138.38.1.64/28 include:spf.protection.outlook.com include:spf.ireshotels.com include:_spf.eu.messagegears.net -all

strict (-all)

DMARC

v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc_agg@vali.email,mailto:dmarc-rua@dmarc.service.gov.uk

policy: reject (enforced) · sp=reject

DKIM

Show 4 DKIM selectors

• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokstBbd8Nak0OOwq5hDzSDFzsdC4YU08qYkaAdd/KZTpg1vKofO6kSWYijG8QNfLuBjs4DF3NztyXa…
• selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTmfnM+hnf0URIsWsj23gnb9xh4QX7KuPByhYLgXFvgP5quJdPjD6LQvncauhLPRXXI1185KJDQSTj…
• s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqq1z5QKyoGkx7TR3xRMwtkQ9xItkiAyF/2NGSIZ3+KFo/CiypDbsCC/srxQJnwbdr+lxfk1iXCthMmq31U…
• s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDicWEPqakBLfu0Yw2JJv4DAQ8+7nAh7d3aaS/PUla6LXEoQapGWlwiaIO+QwLUyyBW++qIA+iR4TZPlJonKvCs6T…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://www.bath.ac.uk/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (10)

• csct.ac.uk×4
• iaaps.co.uk×4
• instagram.com×4
• linkedin.com×4
• youtube.com×4
• facebook.com×4
• weibo.com×4
• snapchat.com×4
• tiktok.com×4
• xiaohongshu.com×4

Linked from (29)

• csct.ac.uk×4
• setsquared.co.uk×3
• icast.org.uk×3
• imo-register.org.uk×2
• nxzhao.com×2
• revealcentre.org×2
• anupamdas.com×2
• noamz.org×2
• nofreeviewnoreview.org×2
• tooledupeducation.com×2
• tobaccotactics.org×2
• arttia.co.uk×2
• maths4dl.ac.uk×2
• citeab.com×2
• toffu.co×2
• divestmentdatabase.org×2
• gor-ev.de×2
• switchtheplay.com×2
• c20society.org.uk×2
• europeanbusinessreview.com×2
• yerun.eu×2
• iea.nl×1
• nestinsight.org.uk×1
• dagmargromann.com×1
• kidsinventstuff.com×1
• milesbrundage.com×1
• discribehub.org×1
• transforminghomes.org.uk×1
• lutteroth.me×1