novoferm.ch

HTML metadata

Technology

Server

nginx

Third-party hosts loaded (6)

• beyond-cookiebanner.de×1
• fr.novoferm-live.bm-stage.de×1
• www.novoferm.at×1
• www.novoferm.com×1
• www.novoferm.de×1
• www.novoferm.dk×1

Contact

Email

• info@novoferm.ch

DNS records live

NS

• dns009.arvato-systems.de
• dns017.arvato-systems.de
• ns1.arvato-systems.de
• ns2.arvato-systems.de

MX

• 0 novoferm-ch.mail.protection.outlook.com

TXT

• Zv2nzAAo4A2dpmqvyn50AuJ6YLY1XyvhRm2l0WhFEksOsxAToqHRi+XoJFttcGz4oqSzlVJhl5sPDlIHbO8qyg==

Verified for

• DocuSign
• GlobalSign
• Microsoft 365

Email authentication weak

SPF

v=spf1 mx ip4:194.6.210.192 include:spf.protection.outlook.com -all

strict (-all)

DMARC

not published

DKIM

• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1tuUOdhzibeawRNKFg6y4PKk5Zok1XreyNe+NDh2xrDcV1VCtWYemGqHCpHjnmRK0vJqXXodughNiI…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.novoferm.ch/

present

• strict-transport-security
• content-security-policy
• x-frame-options
• x-content-type-options
• referrer-policy

findings

• CSP allows unsafe inline scripts/styles
• CSP uses wildcard sources
• weak content type protection
• missing Permissions Policy

Links to (3)

• siebau-cargotore.com×1
• novoferm-loesungen.de×1
• novoferm-extranet.de×1

Linked from (1)

• igtat.ch×1