gothes.se

HTML metadata

Technology

Server

Apache

jQuery

1.11.3 known XSS (<3.5)

Stack

Java

Analytics

• Google Tag Manager

Fonts

• Google Fonts

Third-party hosts loaded (4)

• fonts.googleapis.com×2
• fonts.gstatic.com×1
• stackpath.bootstrapcdn.com×1
• www.googletagmanager.com×1

Social

• linkedin
• facebook
• instagram
• youtube
• pinterest

Contact

Email

• order@gothes.se
• info@gothes.se
• svenskaengelskasvenskaorder@gothes.se
• 00info@gothes.se

Phone

• +46104834025
• +46104834000

DNS records live

NS

• ns1-08.azure-dns.com
• ns2-08.azure-dns.net
• ns3-08.azure-dns.org
• ns4-08.azure-dns.info

MX

• 10 gothes-se.mail.protection.outlook.com

TXT

• lime-domain-verification=5B49E571B7F856A
• _s8fg13ar6j572rpcpatkgalmp0nw75h
• e2ou0sejkt3cdvm9ku38c2rcrk

Verified for

• Apple
• GlobalSign
• Google
• Microsoft
• Microsoft 365

Email authentication partial

SPF

v=spf1 ip4:194.17.7.186 ip4:213.88.210.194 ip4:213.88.210.216 ip4:213.88.210.218 include:spf.zscaler.net include:spf.mx-wecloud.net include:spf.protection.outlook.com include:spf.gansend.com ip4:198.37.156.28 ip4:84.19.145.46 -all

strict (-all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

• selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbstYkeW4VfHLdoemjzM1d+6+A8wlrZshwB71r++1VSMNjfvsrWF7w/yC4j5nWHjWJwMAczOJeV3+/+8XL0e…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://gothes.se/shop/IboxServlet?p=SHOP

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (7)

• youtube.com×1
• pinterest.com×1
• linkedin.com×1
• instagram.com×1
• gothesteknik.se×1
• gothessakerhet.se×1
• facebook.com×1

Linked from (3)

• kd-byggaluminium.se×1
• gothesteknik.se×1
• safetron.com×1