gelia.se

HTML metadata

Technology

CDN

Azure Front Door

jQuery

3.3.1 known XSS (<3.5)

Stack

ASP.NET

Cookie consent

• OneTrust

Third-party hosts loaded (5)

• ajax.googleapis.com×1
• cdn.cookielaw.org×1
• cdnjs.cloudflare.com×1
• js.monitor.azure.com×1
• maps.googleapis.com×1

Social

• linkedin
• youtube

DNS records live

NS

• dns1.cscdns.net
• dns2.cscdns.net

MX

• 0 gelia-se.mail.protection.outlook.com

TXT

• uYeCCANpzEyJsBaa+4WVBQ489LO5L7WnMZTPjndvIorkQja3zhjtBkU2dla6JYOC88YWS+OqJZ5yJpPdQVqauw==
• asuid.cms-master-gelia-se=6C9C71F4AED90C1FF5057F56BA45C22B01730BFE3427B8F842810F67B81564B6
• knowbe4-site-verification=e3e6a5b4a2e57c6ff0e20b8d3453f00f

Verified for

• Atlassian
• DocuSign
• Google
• Microsoft 365

Email authentication weak

SPF

v=spf1 redirect=ahlsell.se

missing all

DMARC

v=DMARC1; p=none; rua=mailto:5d463d211165976@rep.dmarcanalyzer.com,mailto:dmarc_agg@vali.email;

policy: none (monitoring only)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5XIDUbZNhTs8kChq69SZ4teKPrJw35iGBcgxEoVGRqfJidLmpukljhqUSHX8vyZ5Cw63nkCg2hqxCskf0ia…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://www.gelia.se/

present

• strict-transport-security
• x-frame-options
• x-content-type-options

findings

• missing Content Security Policy
• missing Referrer Policy
• missing Permissions Policy

Links to (3)

• youtube.com×1
• linkedin.com×1
• enable-javascript.com×1

Linked from (1)

• fogsaljarna.se×1