lauge-bonde.dk

HTML metadata

Technology

Server

Apache

jQuery

1.11.1 known XSS (<3.5)

Analytics

• Google Tag Manager

Social widgets

• YouTube Embed

Third-party hosts loaded (3)

• www.youtube.com×2
• ajax.googleapis.com×1
• www.googletagmanager.com×1

Contact

Email

• info@lauge-bonde.dk
• info@lauge-bonde.dkcvr

DNS records live

NS

• ns1.curanet.dk
• ns2.curanet.dk

MX

• 0 de-smtp-inbound-1.mimecast.com
• 0 de-smtp-inbound-2.mimecast.com

Email authentication strong

SPF

v=spf1 ip4:18.153.184.0/27 ip4:185.17.216.138 include:sparkpostmail.com include:de._netblocks.mimecast.com include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:re+rkhjswpbxgm@dmarc.postmarkapp.com

policy: reject (enforced)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXPRhwTOCapOEOaRGj1CNT6lNykStqL61QntgeWXXyWEXBLiOjfnFRL3qpLu1HY+R2C0xyA+CJZt9b…
• selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArM1kxfr0o9YsRrSdUKB+i8Zv+jC98bOOCYIdjt5TS4a84iXvxwIfUk5gxjcHodXqeN2UdW8v13trI+…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://www.lauge-bonde.dk/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (6)

• facebook.com×1
• google.com×1
• integrityline.com×1
• linkedin.com×1
• ritzau.dk×1
• vestjyskmarketing.dk×1

Linked from (1)

• idverde.dk×1