flux.be

HTML metadata

Technology

Server

nginx

CMS

WordPress

Social widgets

• Vimeo Embed

Third-party hosts loaded (5)

• cdn.jsdelivr.net×2
• 3dconfig.be×1
• cloud.umami.is×1
• gmpg.org×1
• player.vimeo.com×1

Social

• linkedin
• twitter
• facebook
• instagram

Contact

Email

• info@flux.be
• antwerpbelgiuminfo@flux.be

Phone

• +32485402671

DNS records live

NS

• ns0.transip.net
• ns1.transip.nl
• ns2.transip.eu

MX

• 1 aspmx.l.google.com
• 10 alt3.aspmx.l.google.com
• 10 alt4.aspmx.l.google.com
• 5 alt1.aspmx.l.google.com
• 5 alt2.aspmx.l.google.com

Email authentication partial

SPF

v=spf1 include:my.billit.be include:sparkpostmail.com include:_spf.mailspamprotection.com include:_spf.google.com include:spf.factuursturen.be a mx ~all

softfail (~all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

• default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVfV8GIUVoWUgVtL2JEweQQyjHALIAu0EypHDavUesLDyrE4hVv3GpHLshqWhDljnC3gv06JXbb/g5…
• google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstKzdYoZl0b9ja681fmYyFPKcYLWhsPotFGWbL1TMInsH1fPgIPLEBAToqGFDZaEDx0BbJ/mcnUdkW…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://flux.be/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (5)

• 3dconfig.be×1
• facebook.com×1
• instagram.com×1
• linkedin.com×1
• x.com×1

Linked from (7)

• beltug.be×1
• airportcarbonaccreditation.org×1
• cf-europe.eu×1
• brusselsivf.be×1
• edendesign.be×1
• canalengineers.com×1
• escrh.eu×1