qvh.be

HTML metadata

Technology

Server

Microsoft-IIS

CMS

Ghost

ASP.NET

4.0.30319

jQuery

3.1.1 known XSS (<3.5)

Stack

ASP.NET

Analytics

• Google Tag Manager

Fonts

• Google Fonts

Third-party hosts loaded (6)

• fonts.googleapis.com×3
• wms.flexious.be×3
• www.googletagmanager.com×2
• my.enjin.be×1
• www.facebook.com×1
• www.flexious.be×1

Contact

Phone

• +32 (0) 497 55 55 46

DNS records live

NS

• ns1.openprovider.nl
• ns2.openprovider.be
• ns3.openprovider.eu

MX

• 10 qvh-be.mail.protection.outlook.com

Email authentication strong

SPF

v=spf1 mx include:spf.protection.outlook.com include:eu.zcsend.net include:_spf.eu.sparkpostmail.com include:sendgrid.net include:spf.smtp2go.com include:mailgun.org ip4:176.31.202.25 -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:dmarc@zoka.be; ruf=mailto:dmarc@zoka.be; fo=1

policy: quarantine

DKIM

Show 4 DKIM selectors

• selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIi4aYlyKi8Dhyhn4Fg5catIIJuiZkIPZaF6oExjCcN4mAGUVIBKG/nXpuOp8ezWD7hDjBKdP7+uMt4/rIVS…
• k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
• s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5iHOhYWFCeLg7QhrdTwecDSGfLnUBL9Zvk/jKiKwvpIeVHjbTGO2B6zHJ4G3igXMnsIIvAMa2vrtuoBYLc…
• s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFgNVDxB0aDgKVby9kFOu2lU4PRKdgCgy9XQujT9GI7GehTgC7kUTOwYYMQxDw97pMi7UQtud3Ux93kJbfQs1/71…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://qvh.be/nl/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (1)

• flexious.be×1

Linked from (1)

• salesarchitects.be×1