pizzabakeren.no

HTML metadata

Technology

CDN

Cloudflare

jQuery

3.2.1 known XSS (<3.5)

Analytics

• Google Tag Manager

Cookie consent

• Cookiebot

Third-party hosts loaded (6)

• static.pizzabakeren.com×36
• consent.cookiebot.com×1
• maps.googleapis.com×1
• stats.hosting.guru×1
• www.google.com×1
• www.googletagmanager.com×1

Social

• facebook
• instagram

DNS records live

NS

• david.ns.cloudflare.com
• ines.ns.cloudflare.com

MX

• 0 pizzabakeren-no.mail.protection.outlook.com

Verified for

• Google
• Meta
• Microsoft 365

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com a:mail.datakreftverk.no ip4:80.239.24.19 ip4:80.239.24.18 include:_spf.cpanel.guru include:_spf.createsend.com -all

strict (-all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClXC9T8lrIwwsx16F8K2n5zFf3ieHmVwdb/t7dqpT35trXWkP22KpYtcp717kdpbfSAye0O/3kUZuf1v0GWM…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://pizzabakeren.no/

present

• content-security-policy

findings

• missing HSTS
• CSP allows unsafe inline scripts/styles
• CSP uses wildcard sources
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (5)

• snapchat.com×1
• instagram.com×1
• google.com×1
• facebook.com×1
• apple.com×1

Linked from (5)

• bjarg.net×1
• trondheimrocks.no×1
• feelingsfestival.no×1
• vaulenfestival.no×1
• neonfestival.no×1