fpm.org.uk

HTML metadata

Technology

Server

nginx

CMS

WordPress

jQuery

3.4.1 known XSS (<3.5)

Stack

PHP

Analytics

• Google Tag Manager

Social widgets

• YouTube Embed

Third-party hosts loaded (4)

• www.youtube.com×3
• ajax.googleapis.com×1
• gmpg.org×1
• www.googletagmanager.com×1

DNS records live

NS

• ns0.phase8.net
• ns1.phase8.net
• ns2.phase8.net

MX

• 0 fpm-org-uk.mail.protection.outlook.com

TXT

• 0ed1fe018ab692a2e700ea470fb59f1704fa139e79

Verified for

• Google

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com include:servers.mcsv.net include:spf.premierithosting.com include:_spf.netxtra.net -all

strict (-all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVaUtD1j4tEL0Nqi2TmD7QmR2mCe6aO980IFCT3Y3KZX+qNk1o4bh/q4DUcWvHaE5OiGUMuc4qdXgxkWPLrV…
• k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 50/100 Checked live page: https://www.fpm.org.uk/

present

• content-security-policy

findings

• missing HSTS
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (3)

• research.net×1
• list-manage.com×1
• granite5.com×1

Linked from (1)

• ifapp.org×1