marathon.se

HTML metadata

Technology

CDN

Cloudflare

CMS

Drupal

PHP

5.6.40 end of life

Analytics

• Google Tag Manager

Fonts

• Google Fonts

Third-party hosts loaded (3)

• fonts.googleapis.com×1
• www.googletagmanager.com×1
• www.googletagservices.com×1

DNS records live

NS

• doug.ns.cloudflare.com
• roxy.ns.cloudflare.com

MX

• 10 marathon-se.mail.protection.outlook.com

TXT

• d:%09google-site-verification=EuNrCaUCavxC0_r550tYaf0clT4a3HBUzSaoUBzXe_Y

Verified for

• Microsoft 365

Email authentication strong

SPF

v=spf1 ip4:161.38.206.2 ip4:158.174.188.160/29 include:spf.protection.outlook.com include:all._spf.plma.se ip4:194.68.222.0/24 include:sendgrid.net -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; pct=50; rua=mailto:dmarcmail@marathon.se; ruf=mailto:dmarcmail@marathon.se

policy: quarantine · pct=50

DKIM

• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDwWcSfQOkYcRtJGCI4XRK9AyN6r+ZVxS86HhFWfmyS4G7T5jmsBSAJk1HpyN8YFFuhVjkQR++Kg8G…
• s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnZbIRxTkXwjVyFJU6rAhRDdxgVHC+zBlWyaOV4t/aBEk4aEa9JA33u7Xv2Q+xpEWwo3zWejsuqgrGuW8x…
• s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnlnGw2THRVMFQwdNy5QucRLpIxh4RQX95KrmsQr5u+Kd5NFpC4xHqUMJzstM6p8CXtG82mRtS7VKcARrap1TSCm…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.marathon.se/

present

• x-content-type-options

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing Referrer Policy
• missing Permissions Policy

Links to (3)

• winterrun.com×1
• stockholmmarathon.se×1
• hostrusket.se×1

Linked from (10)

• hasselbyloppet.se×1
• vasterasstadslopp.se×1
• stockholmhalfmarathon.se×1
• minimaran.se×1
• stafetten.com×1
• tjurruset.se×1
• sthlmtrailrun.se×1
• tjejmilen.se×1
• hostrusket.se×1
• varruset.se×1