chocolarium.ch

HTML metadata

Technology

Server

nginx

CMS

Drupal

Fonts

• Font Awesome

Third-party hosts loaded (4)

• cdn.jsdelivr.net×4
• use.fontawesome.com×2
• cdnjs.cloudflare.com×1
• wlk-ems.com×1

Social

• instagram
• facebook
• linkedin
• youtube

DNS records live

NS

• ns.hostpoint.ch
• ns2.hostpoint.ch
• ns3.hostpoint.ch

MX

• 10 chocolarium-ch.mail.protection.outlook.com

TXT

• tcEFHbY9FbN+SJwb5XViwkG0+cYnbsubiADA5XbsU3LHQoxO6TcTB3ok3f92JGsRzuk4fWYDyYdXm/0DBXEY5g==

Email authentication strong

SPF

v=spf1 include:spf.protection.outlook.com include:wlk-msg.de -all

strict (-all)

DMARC

v=DMARC1; p=reject; pct=100

policy: reject (enforced)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv6GK7nxJxXYDhWVdtsQDgVHPNEjS5qm9m8sNMxFIDT3amaV6cCmZOnZlCx6OSwJ4AuetsIqVBoTt5bbpgM2…
• selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjdzbYu6dyrHfmEnXcJbUNCrK6PmZZNUT26a2yprZQLmcm5G/zgJ9V87uwslBGH0TO7aG/3gtoM9gGqx2xYW…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 50/100 Checked live page: https://chocolarium.ch/

present

• x-frame-options
• x-content-type-options
• referrer-policy
• permissions-policy
• cross-origin-opener-policy
• cross-origin-embedder-policy
• cross-origin-resource-policy

findings

• missing HSTS
• missing Content Security Policy
• weak frame protection
• weak content type protection

Links to (7)

• youtube.com×1
• munz.ch×1
• minor.ch×1
• maestrani.ch×1
• linkedin.com×1
• instagram.com×1
• facebook.com×1

Linked from (4)

• minor.ch×1
• munz.ch×1
• maestrani.ch×1
• gallen-bodensee.ch×1