jermann-ag.ch

HTML metadata

Technology

Server

Apache

jQuery

1.12.3 known XSS (<3.5)

Stack

PHP

Analytics

• Google Tag Manager

Third-party hosts loaded (4)

• f24.org×2
• fast.fonts.net×1
• produktiv.alixon-web.ch×1
• www.googletagmanager.com×1

Social

• linkedin
• instagram
• youtube
• facebook

Contact

Email

• i%6efo@jermann-ag.ch
• 98e-mailinfo@jermann-ag.ch

Phone

• +41 61 706 93 93
• +41 61 706 93 94
• +41 61 976 97 97
• +41 61 976 97 98
• +41 61 765 97 97

DNS records live

NS

• dns1.swizzonic.ch
• dns2.swizzonic.ch

MX

• 10 jermannag-ch01i.mail.protection.outlook.com

TXT

• QuoVadis=43562f8f-4473-422b-a3bf-89f12a68e685
• OHooHR8lu2NoWgrTmMA9jSp4k+QOWDSKlFKzsn2GYxF10YiVnK1nSW4HP5pDUuWOE6LzcFXw0GFP8uHnEoNIjg==
• _xm1tes5u0p96uh094ed9faq2h2frzzf

Verified for

• Google
• Microsoft 365

Email authentication partial

SPF

v=spf1 ip4:212.120.50.23 a:goldau.alixon.ch a:genf.alixon.ch include:spf.iway.ch include:spf.protection.outlook.com include:spf-de.emailsignatures365.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none; rua=mailto:dmarc_agg@vali.email;

policy: none (monitoring only)

DKIM

• k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://www.jermann-ag.ch/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (5)

• youtube.com×1
• linkedin.com×1
• instagram.com×1
• geoportal.ch×1
• facebook.com×1

Linked from (1)

• rolv-nws.ch×1