rlsd.be

HTML metadata

Technology

Server

nginx

jQuery

3.4.1 known XSS (<3.5)

Stack

PHP

Fonts

• Adobe Fonts

Third-party hosts loaded (2)

• code.jquery.com×1
• use.typekit.net×1

Social

• facebook
• instagram
• youtube
• linkedin

DNS records live

NS

• dns.oost-vlaanderen.be
• ns1.belnet.be
• ns2.belnet.be
• ns3.belnet.be

MX

• 15 dmzpub35.oost-vlaanderen.be
• 9 dmzpub34.oost-vlaanderen.be

TXT

• domain-verification:a3893b0a1a75a9844805230c3bfd9b0bdb0f922d
• SPF:ip4:176.62.168.0/24

Verified for

• Adobe
• Microsoft 365

Email authentication partial

SPF

v=spf1 ip4:193.190.147.34 ip4:193.190.147.35 include:_spf.jaan.be Include:_spf.odoo.com ~all

softfail (~all)

DMARC

v=DMARC1;p=none;rua=mailto:iquzch7s@ag.c2.dmarcian.com;ruf=mailto:iquzch7s@fr.c2.dmarcian.com;fo=1

policy: none (monitoring only)

DKIM

• k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
• s1: v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOf55paLV/Y1xK2SAZa1HbZoFyQPESt5k53cejcags7AkU8XvuxVjGFDC0lNHBVMYJVfxO0D47VlxA7K8WD1K…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.rlsd.be/

present

• x-content-type-options

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing Referrer Policy
• missing Permissions Policy

Links to (7)

• youtube.com×1
• linkedin.com×1
• instagram.com×1
• goedgeplukt.be×1
• goedgeknot.be×1
• facebook.com×1
• behaagjetuin.be×1

Linked from (3)

• rlkgn.be×1
• regionalelandschappen.be×1
• life-sparc.eu×1