sbs-mechanik.ch
HTML metadata
Technology
- Server
  - Apache
- CMS
  - Joomla 1.8
- jQuery
  - 3.2.1 known XSS (<3.5)
Social
DNS records live
- NS
  - ns.hostpoint.ch
  - ns2.hostpoint.ch
  - ns3.hostpoint.ch
- MX
  - 10 mx1.mail.hostpoint.ch
  - 10 mx2.mail.hostpoint.ch
Email authentication weak
- SPF
  - v=spf1 redirect=spf.mail.hostpoint.ch
  - missing all
- DMARC
  - not published
- DKIM
  - no key found at common selectors
Certificate (current)
R13
Expires in 82 days
HTTP security headers
- present
  - content-security-policy
  - x-content-type-options
  - referrer-policy
  - permissions-policy
  - cross-origin-resource-policy
- findings
  - missing HSTS
  - CSP allows unsafe inline scripts/styles
  - missing frame protection
Header values
- referrer-policy
  - same-origin
- permissions-policy
  - accelerometer=('none'), ambient-light-sensor=('none'), autoplay=('none'), battery=('none'), camera=('none'), clipboard-read=(), clipboard-write=(), cross-origin-isolated=(), display-capture=('none'), encrypted-media=('none'), execution-while-not-rendered=('none'), execution-while-out-of-viewport=('none'), fullscreen=('self'), gamepad=(), geolocation=('self'), gyroscope=('none'), interest-cohort=(true), magnetometer=('none'), microphone=('none'), midi=('none'), navigation-override=('none'), payment=('none'), picture-in-picture=('none'), publickey-credentials-get=('none'), screen-wake-lock=('none'), speaker-selection=(), sync-xhr=('none'), usb=('none'), web-share=('none'), xr-spatial-tracking=('none')
- x-content-type-options
  - nosniff
- content-security-policy
  - upgrade-insecure-requests; default-src 'self'; base-uri 'self'; font-src 'self' data:; img-src 'self' data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' data:; style-src 'unsafe-inline' 'unsafe-eval' 'self' data:
- cross-origin-resource-policy
  - same-site