lmc-vo.nl

HTML metadata

Technology

Server

Microsoft-IIS

jQuery

1.4.4 known XSS (<3.5)

Analytics

• Google Tag Manager

Third-party hosts loaded (5)

• cdn.jsdelivr.net×2
• www.googletagmanager.com×2
• code.jquery.com×1
• maps.google.com×1
• stackpath.bootstrapcdn.com×1

Social

• youtube
• instagram
• linkedin

Contact

Email

• info@lmc-vo.nl

DNS records live

NS

• ns0.transip.net
• ns1.transip.nl
• ns2.transip.eu

MX

• 0 lmcvo-nl0i.mail.protection.outlook.com

TXT

• oy4y34Tb+tjkYFYS4XfF2UzjHr/BjqlwB4NSBPQb8sD9d2lGhKAl2+d63FERS56Yz8+3h8bqrkckeRqIci7cjQ==

Verified for

• Google
• Microsoft 365

Email authentication partial

SPF

v=spf1 mx ip4:161.51.76.247 include:spf.protection.outlook.com include:spf.afas.online include:_spf.mailplus.nl include:email.bergop.net include:_spf.james-software.nl ~all

softfail (~all)

DMARC

v=DMARC1; p=none; rua=mailto:dmarc_agg@vali.email;

policy: none (monitoring only)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zCqlnfWF5UlWAlvVHpnuSYsnpirXwFRTsM6cyqlDJgxG4Zb5RUagvffkIYkOseI7ii81xsFH6IbFw…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://www.lmc-vo.nl/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (9)

• youtube.com×1
• wijzijnsaro.nl×1
• saroacademie.nl×1
• office.com×1
• meesterbaan.nl×1
• linkedin.com×1
• kindenonderwijsrotterdam.nl×1
• instagram.com×1
• afasinsite.nl×1

Linked from (1)

• elektronische-toegangsbeveiliging.nl×1