fitnessoccasions.nl

HTML metadata

Technology

Server

nginx

CMS

Joomla

jQuery

1.12.4 known XSS (<3.5)

Analytics

• Google Tag Manager

Social widgets

• YouTube Embed

Third-party hosts loaded (4)

• code.jquery.com×1
• moderate.cleantalk.org×1
• www.googletagmanager.com×1
• www.youtube.com×1

Social

• facebook
• instagram
• youtube
• linkedin

Contact

Phone

• +31 (0) 548 539 720

DNS records live

NS

• ns1.connectium.nl
• ns2.connectium.nl
• ns3.connectium.nl

MX

• 10 filter10.connectium.nl
• 20 filter20.connectium.nl

TXT

• k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB

Verified for

• Google

Email authentication partial

SPF

v=spf1 a mx ip4:185.93.24.212 ip4:145.131.3.202 include:_spf.elasticemail.com include:spf.connectium.nl include:spf.afas.online ~all

softfail (~all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

• k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://fitnessoccasions.nl/

present

• x-content-type-options

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing Referrer Policy
• missing Permissions Policy

Links to (4)

• youtube.com×1
• linkedin.com×1
• instagram.com×1
• facebook.com×1

Linked from (1)

• panattasport.nl×1