otimo.se

HTML metadata

Technology

jQuery

3.3.1 known XSS (<3.5)

Analytics

• Google Tag Manager

Fonts

• Font Awesome

Third-party hosts loaded (5)

• cdnjs.cloudflare.com×1
• code.jquery.com×1
• stackpath.bootstrapcdn.com×1
• use.fontawesome.com×1
• www.googletagmanager.com×1

Social

• facebook
• linkedin
• instagram

Contact

Email

• info@otimo.se

Phone

• 0480-31 99 00

DNS records live

NS

• dns.otimo.se
• dns2.otimo.se
• pns2.cloudns.net
• pns3.cloudns.net

MX

• 1 otimo-se.mail.protection.outlook.com

Verified for

• Google
• Microsoft 365

Email authentication weak

SPF

v=spf1 include:spf.protection.outlook.com ip4:194.237.103.66 ip4:194.237.103.77 ip4:194.236.158.133 -all

strict (-all)

DMARC

not published

DKIM

• default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyE7ZCWe2xV1w3s1rQ/jw+ElweKuVxbfDGriobwqbyDH2b02dZFn7hgff3kQpgdLOor16RC9udgmO+…
• selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjnJfUiylbE/5o3b+vKJmFPnkCGTABA99HaavJkxJmLczMsqpNtKxEP8k9vjtB9Bf57IDjhFhR3KIJVY1JAp…
• selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDtw2FsLb/zHNWAm/MYyVtyCsnmnZQMIGXevyNkfuKpIug1lGiq4P6HQ6HK2vaSPt1wM6/NYw0xmSAJHfHEs4…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://www.otimo.se/

present

• x-frame-options
• permissions-policy

findings

• missing HSTS
• missing Content Security Policy
• missing content type protection
• missing Referrer Policy

Links to (15)

• akademiska.se×1
• capiostgoran.se×1
• ds.se×1
• erstadiakoni.se×1
• facebook.com×1
• google.com×1
• icuregswe.org×1
• instagram.com×1
• linkedin.com×1
• palliativ.se×1
• regionblekinge.se×1
• regionkalmar.se×1
• rvn.se×1
• sodertaljesjukhus.se×1
• vgregion.se×1