oice.it
HTML metadata
Technology
- Server
- Apache
- CMS
- Joomla
- jQuery
- 1.8.2 known XSS (<3.5)
- Cookie consent
-
- Iubenda
- Fonts
-
- Google Fonts
Third-party hosts loaded (4)
- ajax.googleapis.com×1
- analytics.withub.it×1
- cdn.iubenda.com×1
- fonts.googleapis.com×1
Social
DNS records live
- NS
-
- dns200.anycast.me
- ns200.anycast.me
- MX
-
- 10 mx1.oice.it
- 20 mx2.oice.it
- Verified for
-
- Brevo
Email authentication partial
- SPF
-
v=spf1 mx ip4:95.217.139.216/29 ip4:135.181.103.173 ip4:77.39.233.250 ip4:10.10.1.0/24 -allstrict (-all) - DMARC
-
v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.compolicy: none (monitoring only) - DKIM
-
- mail:
k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…
selectors probed - mail:
Certificate (current)
R12
Expires in 70 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
DENY- x-content-type-options
nosniff- content-security-policy
default-src 'self' *.withub.it; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data:; frame-ancestors 'self'; frame-src 'self' *.youtube.com; font-src 'self' *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.iubenda.com *.withub.it *.youtube.com; connect-src 'self' *.withub.it *.iubenda.com, frame-ancestors 'self';- strict-transport-security
max-age=63072000; includeSubDomains; preload