insee.pl

HTML metadata

Technology

Server

nginx

CMS

WordPress 4.6.11 legacy (latest 7.0)

jQuery

1.10.2 known XSS (<3.5)

Stack

PHP

Analytics

• Google Tag Manager

Fonts

• Google Fonts

Third-party hosts loaded (6)

• ajax.googleapis.com×2
• fonts.googleapis.com×1
• insee.user.com×1
• s.w.org×1
• www.google.com×1
• www.googletagmanager.com×1

Contact

Email

• info@insee.pl

Phone

• +48224230612

DNS records live

NS

• ns-1464.awsdns-55.org
• ns-1725.awsdns-23.co.uk
• ns-400.awsdns-50.com
• ns-924.awsdns-51.net

MX

• 1 aspmx.l.google.com
• 10 aspmx2.googlemail.com
• 10 aspmx3.googlemail.com
• 5 alt1.aspmx.l.google.com
• 5 alt2.aspmx.l.google.com

TXT

• 29d4f24b022c3f92eed0737da2b84054252ac28087541548614d9afa57137a03

Verified for

• Apple
• Atlassian
• Microsoft 365

Email authentication strong

SPF

v=spf1 mx include:_spf.google.com include:_spf.atlassian.net include:amazonses.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine;

policy: quarantine

DKIM

• google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsy1nPrGuk1YHQl2q5JsHN6haT5EuySQdCxvdEgyyPrTyOH0F7azz8l8rqTh7MlN8ETtxu5r/8Zpsqt…
• s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1gU64wM331J2x42nJ5l0VWV9mz2yyXOQwlgqvQ5eOkANWTV43m7GSCUU9MBBKHDpm6+8o9nY+5vm506tZ…
• s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8tvSmzHnj/KkHIVAuonmai05ZFiat3Js8GETYTxg0Pfb3773i53A56TIx89vrodwSgVPFTQFqQ1Tg/KOpQM6YlC…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://insee.pl/

present

• content-security-policy
• x-frame-options
• x-content-type-options
• referrer-policy

findings

• missing HSTS
• CSP allows unsafe inline scripts/styles
• CSP uses wildcard sources
• missing Permissions Policy

Links to (5)

• viewone.pl×1
• smartcard.pl×1
• pssb.pl×1
• istruct.com×1
• dsa.org×1

Linked from (2)

• istruct.com×1
• wellu.eu×1