ecca.eu
HTML metadata
Technology
- Server
  - nginx
DNS records live
- NS
  - ns1.bdm.microsoftonline.com
  - ns2.bdm.microsoftonline.com
  - ns3.bdm.microsoftonline.com
  - ns4.bdm.microsoftonline.com
- MX
  - 0 ecca-eu.mail.protection.outlook.com
- TXT
  - google-site-verification=n2lFrYCgBmxjlZiQcMcd-ebGpsT3OhgsKqgIWnZEpqA
  - mscid=fjFemNyvGrBMWxJuyq1PprwnHfJHPJvg/k1YGmwcvP0WbXs5jTV1tNTQsPmzNQZ0xGJa1Wls/0Ce4AFiJOkkYg==
Email authentication weak
- SPF
  - v=spf1 include:spf.protection.outlook.com include:spf.mailjet.com include:servers.mcsv.net a:mailsrvc.up.pt a:mail-out.darklite.ie ~all
  - softfail (~all)
- DMARC
  - not published
- DKIM
  - selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9LW0bb+4Pcfih38ax4aPAaZob59RVpAvd4YBXeZ6jGON88SZUMRqt8slIMWCgBEJdFkeVTVTCxKWL4+/2sw…
  - k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
- selectors probed
  - selector2:
Certificate (current)
R13
Expires in 42 days
HTTP security headers
- present
  - strict-transport-security
  - content-security-policy
- findings
  - CSP allows unsafe inline scripts/styles
  - CSP uses wildcard sources
  - missing frame protection
  - missing content type protection
  - missing Referrer Policy
  - missing Permissions Policy
Header values
- content-security-policy
  - frame-ancestors 'self'; default-src 'self' data: blob: *.openstreetmap.org ; img-src data: blob: * *.momentjs.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.twitter.com *.youtube.com ajax.googleapis.com ; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.easypack24.net *.tiktok.com *.ttwstatic.com *.inpost.pl ; frame-src 'self' *.google.com *.facebook.com *.youtube.com *.instagram.com *.twitter.com *.easypack24.net *.inpost.pl *.tiktok.com *.ttwstatic.com *.googletagmanager.com *.cloudflare.com *.openstreetmap.org ; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.momentjs.com momentjs.com *.google-analytics.com *.google.com connect.facebook.net *.instagram.com *.twitter.com *.googletagmanager.com *.hotjar.com *.gstatic.com *.easypack24.net *.tiktok.com *.ttwstatic.com *.inpost.pl ; connect-src 's
- strict-transport-security
  - max-age=31536000; includeSubDomains; preload, max-age=31536000;
Links to (26)
- ana-u.com×2
- colorid.com×2
- dc4eu.eu×2
- eidproject.eu×2
- elatec-rfid.com×2
- entrust.com×2
- esc-tension.eu×2
- esignforstudy.eu×2
- eunis.org×2
- europa.eu×2
- evolis.com×2
- hidglobal.com×2
- id-ware.com×2
- inepro.com×2
- isic.org×2
- kuario.com×2
- legic.com×2
- magicard.com×2
- mecenat.com×2
- naccu.org×2
- nedap.com×2
- saltosystems.com×2
- screencheck.com×2
- secanda.com×2
- systemhousesolutions.com×2
- transactcampus.com×2