hfb.ch
hfb.ch
HTML metadata
Technology
- Server
- nginx
- CMS
- Drupal
- jQuery
- 2.2.4 known XSS (<3.5)
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (3)
- code.jquery.com×2
- www.google.com×1
- www.googletagmanager.com×1
Social
Contact
- Phone
DNS records live
- NS
-
- ns1.vasco.sui-inter.net
- ns2.vasco.sui-inter.net
- MX
-
- 10 d340895.a.ess.de.barracudanetworks.com
- 15 d340895.b.ess.de.barracudanetworks.com
- TXT
-
Show 6 TXT records
w48yg2W5jNGb4aw5rY+Jx5/3kyeFefhxxlO1mZVBw06agmLvgfSTAMjT/dXajp8GJ1x+8h7qc3S4ZJWFXyij9g==ng95e72vfio5eeqcdsg9idbuaono0o4ij04s4d5irsfhn78tsc99hcds/DcJdfST8DC5AojV7TsGwaQad6fd2DSBmBJOwnDQ+6V9HSSMfspB/LmHvQt6o/2hdJl2mlRCRdCpaU20Lw==h2mbkhvm1jbqsf403c0elnnqv14vud5lo3ji4o8v8v3r151s0f3j
- Verified for
-
- Microsoft 365
Email authentication weak
- SPF
-
v=spf1 mx a include:spf.nl2go.com include:_spf.sui-inter.net include:spf.protection.outlook.com include:spf.ess.de.barracudanetworks.com ip4:213.221.254.122 ~allsoftfail (~all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R13
Expires in 57 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- permissions-policy
- findings
-
- CSP uses wildcard sources
- weak frame protection
- missing Referrer Policy
Header values
- x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://xn--kche-schweiz-dlb.ch/- permissions-policy
interest-cohort=()- x-content-type-options
nosniff- content-security-policy
frame-ancestors https://*.xn--kche-schweiz-dlb.ch/ 'self';- strict-transport-security
max-age=15768000; includeSubDomains
Links to (12)
Linked from (3)
- schreinerzeitung.ch×1
- nkb.ch×1
- vssm.ch×1