scba.org

HTML metadata

Technology

CDN

Cloudflare

CMS

WordPress

jQuery

2.2.4 known XSS (<3.5)

Stack

Java

Analytics

• Google Tag Manager

Fonts

• Google Fonts

Third-party hosts loaded (4)

• fonts.googleapis.com×2
• cdnjs.cloudflare.com×1
• larkfield.com×1
• www.googletagmanager.com×1

Social

• linkedin
• twitter
• facebook
• instagram

DNS records live

NS

• ns.compugeeks.net
• ns1.compugeeks.net

MX

• 0 west.smtp.mx.exch084.serverdata.net
• 10 east.smtp.mx.exch084.serverdata.net

Email authentication partial

SPF

v=spf1 include:spf.serverdata.net ~all

softfail (~all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

• default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2imXQKsExViiE2Xjnjt0mgFVX4uV8PSK+hNGK6tQxvYnRD1cCuKizXshxxvFPr1CYsd+2VRKjoNmyA…
• selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqm9uVcB1UEV6vLTSi/U6wxs/Es60JVNE2S77cRGv92n1ANf6iCwJFXqpJhFWHY0jSxhm3mY/OC4XyaOTsm0…
• selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAup7wQMJhR+3Kg/4FxLMzpPlGx0t24juOo8i7jOTMczKOj62HEaIYRosrImUg8609aUf0B6PDcVGO11…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://scba.org/

present

• strict-transport-security

findings

• short HSTS max-age
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (15)

• websterbank.com×1
• userway.org×1
• twitter.com×1
• rglzlaw.com×1
• phpny.com×1
• linkedin.com×1
• lexisnexis.com×1
• instagram.com×1
• hedayatilaw.com×1
• farrellfritz.com×1
• facebook.com×1
• conaelderlaw.com×1
• cmmllp.com×1
• chase.com×1
• bsk.com×1

Linked from (1)

• alberlegal.com×1