puzzle-itc.de

HTML metadata

Technology

Server

nginx

CMS

WordPress

Third-party hosts loaded (2)

• www.puzzle.ch×10
• s3.amazonaws.com×1

Social

• linkedin
• github

Contact

Email

• info@puzzle-itc.de
• info@puzzle.ch

Phone

• +49 7071 143 16 0

Registration

Updated

2021-01-12

Name servers

• helium.ns.hetzner.de.
• hydrogen.ns.hetzner.com.
• oxygen.ns.hetzner.com.

DNS records live

NS

• helium.ns.hetzner.de
• hydrogen.ns.hetzner.com
• oxygen.ns.hetzner.com

MX

• 1 aspmx.l.google.com
• 10 alt3.aspmx.l.google.com
• 10 alt4.aspmx.l.google.com
• 5 alt1.aspmx.l.google.com
• 5 alt2.aspmx.l.google.com

TXT

• MS=ms43439489
• bw=NKXxAY3esRXGF0SYfsDM935ioBQ4EpUDx9RZeEzqtP43
• google-site-verification=9eXnqKE-wItv-RhbNfjJ8h-ENDKzbUENskQ5yaP3ut4

Email authentication weak

SPF

v=spf1 include:_spf.google.com ~all

softfail (~all)

DMARC

not published

DKIM

• google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdcNcD+Ybi3Uhc0YXHNABrva9NuM4FE2/KKsGLJBohqOeN3dBhdKRxIah0aa/8CspMRReGxIfb1mgUlUzkFY…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.puzzle-itc.de/

present

• strict-transport-security
• content-security-policy
• x-frame-options
• x-content-type-options
• referrer-policy
• permissions-policy

findings

• CSP allows unsafe inline scripts/styles
• CSP uses wildcard sources

Links to (5)

• github.com×4
• linkedin.com×4
• openstreetmap.org×4
• swissmadesoftware.org×4
• puzzle.ch×1

Linked from (2)

• digitalindependence.eu×4
• tuebix.org×1