modul.ac.at
modul.ac.at
HTML metadata
Technology
- Server
- Microsoft-IIS
- ASP.NET
- 4.0.30319
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
- Social widgets
-
- YouTube Embed
Third-party hosts loaded (4)
- fonts.googleapis.com×2
- www.googletagmanager.com×2
- fonts.gstatic.com×1
- www.youtube.com×1
Social
DNS records live
- NS
-
- ns-1178.awsdns-19.org
- ns-1840.awsdns-38.co.uk
- ns-392.awsdns-49.com
- ns-823.awsdns-38.net
- MX
-
- 0 modul-ac-at.mail.protection.outlook.com
- TXT
-
D-TRUST=JNCHTF3BMXTQ82NBTA6NR4Ycnsvd2272hdcxhx5hdjbzmwkj2693vvy
- Verified for
-
- Dynamics 365
- Meta
Email authentication strong
- SPF
-
v=spf1 include:spf.protection.outlook.com include:_spf.eu.messagegears.net -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; rua=mailto:a278a95ed56b.a@dmarcinput.com; ruf=mailto:a278a95ed56b.f@dmarcinput.compolicy: reject (enforced) - DKIM
-
Show 4 DKIM selectors
- selector1:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1zvq52W2IOIkHN/TXyrbn/7pJXXCTs76kdczrN5zNkEeqIyc7cnEMLum137hWwNrNHfTWaYR9zJWn91USx6… - k2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA… - s1:
k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5Ee4rIChspFO4GXOZKm61P/nITQkh2pyCtQjIcBXm6i6fGSyn/HxmYVFMFYZXt1ikCb+z+tvonTO2GB2a… - s2:
k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJgtFWUXSzsGNOqxoPYlSP86nX7F4nO6Qt3NaaZSNSWa19xvcuVOmNKvtN0k462VWFI+0Tps1cFO1lGoKG…
selectors probed - selector1:
Certificate (current)
Sectigo Public Server Authentication CA DV R36
Expires in 115 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-embedder-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
no-referrer-when-downgrade- x-frame-options
SAMEORIGIN- permissions-policy
accelerometer=(self), autoplay=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)- x-content-type-options
Nosniff- content-security-policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com *.twimg.com platform.linkedin.com www.youtube.com syndication.twitter.com/ s.ytimg.com publish.twitter.com platform.stumbleupon.com/1/widgets.js *.googletagmanager.com *.azureedge.net https://snap.licdn.com api.muvi.modul.ac.at web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://use.fontawesome.com/releases/v5.6.3/css/all.css web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com platfor- strict-transport-security
max-age=31536000; includeSubDomains- cross-origin-opener-policy
unsafe-none- cross-origin-embedder-policy
unsafe-none- cross-origin-resource-policy
cross-origin