e-lfh.org.uk

HTML metadata

Technology

Server

Microsoft-IIS

CMS

WordPress

ASP.NET

4.0.30319

jQuery

1.10.2 known XSS (<3.5)

Stack

ASP.NET

Analytics

• Google Tag Manager

Third-party hosts loaded (3)

• www.googletagmanager.com×2
• ajax.googleapis.com×1
• cdnjs.cloudflare.com×1

DNS records live

NS

• ns1-03.azure-dns.com
• ns2-03.azure-dns.net
• ns3-03.azure-dns.org
• ns4-03.azure-dns.info

MX

• 10 e-lfh.org.uk.1.0001.arsmtp.com
• 20 e-lfh.org.uk.2.0001.arsmtp.com

TXT

• _fz7ui7rpie3h6wsbn70ik8aoc8a9n4z

Email authentication strong

SPF

v=spf1 include:spf1.e-lfh.org.uk include:spf2.e-lfh.org.uk include:spf3.e-lfh.org.uk -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:gjwyoqeh@ag.dmarcian.com

policy: reject (enforced)

DKIM

• mail: v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCspt0a17aM+Izftjr4bGqv/JKBF8rr6uiMFiX34lMcWcGT951OvxVegA081lqxKHMUyfahYy9rQsgrQN8dgmuUeS9ho…
• s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFG+WUFSNsTpGxnyOhMl0ZpYeqBV48fsl9X/8K4stNF47FA27EfxzBHShtae2WXZUA1YYS27aNQa6KWXrb…
• s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCnG/LwDB1XjUdk6ZeGqbyi2+vHLz9YaOk23vXWym/2EEwGVlFOGnrmTDuzJLhETuTxjjlduDW7uXbMombbFnYaj…

selectors probed

Certificate (current) wrong cert

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 50/100 Checked live page: https://portal.e-lfh.org.uk/

present

• content-security-policy

findings

• missing HSTS
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (3)

• hee.nhs.uk×1
• esr.nhs.uk×1
• england.nhs.uk×1

Linked from (1)

• footindiabetes.org×1