bevazet.nl

HTML metadata

Technology

Server

nginx

jQuery

1.12.4 known XSS (<3.5)

Stack

PHP

Analytics

• Google Tag Manager

Third-party hosts loaded (4)

• cdn.linearicons.com×2
• stackpath.bootstrapcdn.com×2
• code.jquery.com×1
• www.googletagmanager.com×1

Social

• facebook
• youtube
• instagram

Contact

Email

• info@bevazet.nl

Phone

• +31184642525
• 0184-64 29 74

DNS records live

NS

• ns0.transip.net
• ns1.transip.nl
• ns2.transip.eu

MX

• 0 bevazet-nl.mail.protection.outlook.com

TXT

• spf2.0/pra include:x6h4a11.com ~all

Verified for

• Microsoft 365

Email authentication partial

SPF

v=spf1 ip4:92.111.207.146 ip4:194.123.30.81 include:spf.mandrillapp.com include:spf.smtp2go.com include:spf.mailcamp.nl include:mailgun.org include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1;p=none;rua=mailto:6e1dd9dfd5@rua.easydmarc.us;ruf=mailto:6e1dd9dfd5@ruf.easydmarc.us;fo=1

policy: none (monitoring only)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtlJw5kgTHkyEfVbAUTRL22fRPP2AC02DPe5BAI8RMAWj7MPTVVcQJu4MVIz3wA7cApkyoDZlU5l/A…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://bevazet.nl/

present

• strict-transport-security
• x-content-type-options

findings

• missing Content Security Policy
• missing frame protection
• missing Referrer Policy
• missing Permissions Policy

Links to (11)

• youtube.com×1
• werktruien.nl×1
• werkshirts.nl×1
• werkschoeisel.nl×1
• werkoverhemden.nl×1
• werkoveralls.nl×1
• werkjassen.nl×1
• werkbroeken.nl×1
• thuiswinkel.org×1
• instagram.com×1
• facebook.com×1

Linked from (9)

• werktruien.nl×1
• werkbroeken.nl×1
• werkoverhemden.nl×1
• werkshirts.nl×1
• werkoveralls.nl×1
• werkschoeisel.nl×1
• werkjassen.nl×1
• beginplek.nl×1
• mannenplek.nl×1