pocketbook-reader.pl

HTML metadata

Technology

Server

nginx

PHP

7.4.33 end of life

jQuery

1.11.1 known XSS (<3.5)

Stack

PHP

Analytics

• Google Tag Manager

Fonts

• Google Fonts

Third-party hosts loaded (3)

• www.googletagmanager.com×2
• fonts.googleapis.com×1
• www.facebook.com×1

Contact

Email

• kontakt@pocketbook-reader.pl
• help@pocketbook-int.com

Phone

• 71 343 26 15

DNS records live

NS

• ns1.pocketbook-reader.pl
• ns2.pocketbook-reader.pl

MX

• 10 mail.pocketbook-reader.pl

Verified for

• Google

Email authentication strong

SPF

v=spf1 ip4:57.128.215.128 include:_spf.google.com -all

strict (-all)

DMARC

v=DMARC1;p=quarantine;pct=100;rua=mailto:newsletter@pocketbook-reader.pl; ruf=mailto:dmarc@pocketbook-reader.pl;rf=afrf

policy: quarantine

DKIM

• default: v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYqOoYHc0mqGn3s2BuTdth/YfHFCFzPDMds7I0yit/ZdypdzWGJda9BIaqV85JwwAEXK3bQ17icrM/MexJD95…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.pocketbook-reader.pl/

present

• strict-transport-security
• content-security-policy
• x-frame-options
• x-content-type-options
• referrer-policy
• permissions-policy

findings

• CSP allows unsafe inline scripts/styles
• CSP uses wildcard sources

Links to (1)

• pocketbook-int.com×1

Linked from (1)

• pocketbook.pl×1