n3m.fi
n3m.fi
HTML metadata
Technology
- Server
- Apache
- CMS
- Joomla
- PHP
- 8.3.31 security-only
- Analytics
-
- Google Analytics
- Fonts
-
- Google Fonts
Third-party hosts loaded (2)
- fonts.googleapis.com×2
- www.google-analytics.com×1
Social
Contact
- Phone
DNS records live
- NS
-
- dns1.sydweb.fi
- dns3.sydweb.fi
- dns4.sydweb.fi
- MX
-
- 0 fimx1.d-fence.eu
- 0 fimx2.d-fence.eu
- TXT
-
nn5kODXTKVUUZ9xcg989gditHT3Sk7bL6tDC58IvU4QYAgeyvYRzyo2NqMZZMFjI+B7ZDRnSzcxaKMvVQolsWQ==
- Verified for
-
- Microsoft 365
Email authentication weak
- SPF
-
v=spf1 +mx +a +ip4:94.237.18.221 +ip4:176.72.241.90 +ip4:91.150.47.98 +ip4:91.150.61.54 +ip4:62.183.230.18 +include:spf.protection.outlook.com +include:spf.surfnet.fi ~allsoftfail (~all) - DMARC
- not published
- DKIM
-
- default:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMjh1t5//q9i2DcVly6WyGfj6DCFU2MFzarJ3h2YPaMvFfOi2YA0apdwI8dPYQy9AfOYgAlXyAtKEk…
selectors probed - default:
Certificate (current)
R12
Expires in 45 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'none'; manifest-src 'self'; media-src 'self'; frame-src 'self' www.youtube.com youtu.be; style-src 'self' fonts.googleapis.com 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' update.sydweb.fi www.google-analytics.com www.googletagmanager.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: *.tile.openstreetmap.org www.google-analytics.com; connect-src 'self' www.google-analytics.com region1.google-analytics.com; frame-ancestors 'self'; form-action 'self' app.watchful.li; base-uri 'self'- strict-transport-security
max-age=63072000; includeSubDomains; preload
Links to (4)
- sydweb.fi×1
- seti.fi×1
- rala.fi×1
- facebook.com×1