lpgas.no
lpgas.no
HTML metadata
Technology
- Server
- nginx
- CMS
- Joomla
- jQuery
- 1.12.4 known XSS (<3.5)
- Fonts
-
- Google Fonts
Third-party hosts loaded (9)
- admin.mekke.no×54
- fonts.googleapis.com×2
- www.google.com×2
- ajax.googleapis.com×1
- cdnjs.cloudflare.com×1
- code.jquery.com×1
- fonts.gstatic.com×1
- mekke.no×1
- unpkg.com×1
Social
Contact
- Phone
DNS records live
- NS
-
- ns1.halden.org
- ns2.monsternett.no
- MX
-
- 10 mail.mekke.no
Email authentication partial
- SPF
-
v=spf1 include:spf.mekke.no ip4:89.221.242.124 -allstrict (-all) - DMARC
-
v=DMARC1; p=none; fo=1; pct=100policy: none (monitoring only) - DKIM
-
- mail:
v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKt2C5pBeOuGSMym+QSOom9xmNTWi4BFbafaTKP9FaxVDqDXty6eGbIT7RPYzXWnCkpp…
selectors probed - mail:
Certificate (current)
YR1
Expires in 86 days
HTTP security headers
- present
-
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- missing HSTS
- CSP allows unsafe inline scripts/styles
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'none'; base-uri 'none'; object-src 'none';
Links to (27)
- zebro.no×1
- you.no×1
- trendsettingtrophies.co.uk×1
- tracker.no×1
- swm.no×1
- stilo.se×1
- sportspremier.no×1
- prtryck.com×1
- prosessbranding.no×1
- pfconcept.com×1
- l-shop-team.no×1
- kentaur.com×1
- jsint.com×1
- instagram.com×1
- golfpremier.no×1
- fotballpremier.no×1
- flipdocs.com×1
- fhgroup-b2b.com×1
- fh-group.dk×1
- facebook.com×1
- exentri.no×1
- eurosweet.se×1
- easyliving.no×1
- chriscogolf.no×1
- cemo.no×1
- borgstenaofsweden.se×1
- activatejavascript.org×1
Linked from (1)
- bmgk.no×1