fc-eindhoven.nl

HTML metadata

Technology

Server

LiteSpeed

CMS

WordPress

PHP

7.4.33 end of life

jQuery

1.12.4 known XSS (<3.5)

Analytics

• Google Tag Manager

Cookie consent

• Cookiebot

Third-party hosts loaded (5)

• code.jquery.com×2
• www.google.com×2
• consent.cookiebot.com×1
• f4c378bb19cc42e0bf0001bfa4d41f41.js.ubembed.com×1
• www.googletagmanager.com×1

DNS records live

NS

• ns1.cloud86.nl
• ns2.cloud86.nl
• ns3.cloud86.eu

MX

• 10 mx1-eu1.ppe-hosted.com
• 20 mx2-eu1.ppe-hosted.com

Verified for

• Google
• Microsoft 365

Email authentication partial

SPF

v=spf1 include:sendgrid.net include:spf.ymlp.com include:spf.protection.outlook.com include:authsmtp.com include:_spf-eu.ppe-hosted.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

• s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKvZubjALmeF6GetPxbBIvDVzGwBpwHoGOCJ6VEKPIenT16pLQUp7CMjpPi1dXbi24A0OMAsBsRcOxV99r…
• s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3nPlek+CXMgIQFOaVNRXiZvomtYeGIMQli0i8s60gIL8zNSO88ChfxCUnKsY9wHImZR7sPjM9vwgiFixDM…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://fc-eindhoven.nl/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (22)

• clubvangoeivolk.nl×1
• derbystar.nl×1
• e-boekhouden.nl×1
• edco.nl×1
• espn.nl×1
• facebook.com×1
• fc-eindhovenav.nl×1
• heezenbv.nl×1
• hermes.nl×1
• keukenkampioen.nl×1
• keukenkampioendivisie.nl×1
• libra.nl×1
• linkedin.com×1
• onlineklik.nl×1
• playable.com×1
• snep.nl×1
• solutio365.nl×1
• springplank.org×1
• srpzuid.nl×1
• twitter.com×1
• vanmossel.nl×1
• vdlgroep.com×1

Linked from (2)

• clubvangoeivolk.nl×1
• fc-eindhovennieuws.nl×1