heds-fr.ch

HTML metadata

Technology

Analytics

• Google Tag Manager

Third-party hosts loaded (1)

• www.googletagmanager.com×1

Social

• linkedin
• instagram
• facebook

DNS records live

NS

• hefrns01.hefr.ch
• hefrns02.hefr.ch

MX

• 10 hedsfr-ch01b.mail.protection.outlook.com

TXT

Show 6 TXT records

• QuoVadis=07a78e91-111f-4fe6-a8ff-2e8fb404d46e
• _rthij6pqnni0oyi4p52zeiz31igcurl
• _ae147c1ys3l0w6asy67cyj35044zxzn
• _bewor19v13p1471voc1yquyw5cswhnl
• bf3prhmjnp3xxydzdjfkbb67hshgs6vg
• yt4bvpfyt8l58n38rhhbxsp3qp45qszp

Verified for

• Dynamics 365
• Microsoft 365

Email authentication partial

SPF

v=spf1 ip4:160.98.8.125 ip4:160.98.8.126 include:spf.protection.outlook.com include:spf.braintreegateway.com include:_spf.atlassian.net -all

strict (-all)

DMARC

v=DMARC1;p=none;rua=mailto:abuse@hefr.ch;ruf=mailto:abuse@hefr.ch;fo=1;

policy: none (monitoring only)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6gaB1IhIbAc2nNjsVev2jYGcBj1Ufkc8G2zpT2LV9ygg9LTG1ptl5nk4h/OkqwNsi72SRIMxyvAK2N…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://heds-fr.ch/

present

• strict-transport-security
• content-security-policy
• x-frame-options
• x-content-type-options
• referrer-policy
• cross-origin-opener-policy
• cross-origin-embedder-policy
• cross-origin-resource-policy

findings

• missing Permissions Policy

Links to (4)

• linkedin.com×1
• instagram.com×1
• hefr.ch×1
• facebook.com×1

Linked from (3)

• palliative-fr.ch×1
• p-o-f.ch×1
• hefr.ch×1