sipe.pt

HTML metadata

Technology

Server

nginx

jQuery

2.1.3 known XSS (<3.5)

Stack

Laravel

Analytics

• Google Tag Manager

Social widgets

• YouTube Embed

Third-party hosts loaded (5)

• cdnjs.cloudflare.com×5
• www.youtube.com×3
• ajax.googleapis.com×1
• www.googletagmanager.com×1
• www.youtube-nocookie.com×1

Social

• facebook
• youtube

Contact

Email

• sipenacional@sipe.pt

DNS records live

NS

• ns1.4porquatro.com
• ns11.4porquatro.com
• ns14.4por4.pt
• ns2.4porquatro.com
• ns3.4porquatro.com
• ns4.4porquatro.com
• ns9.4porquatro.com

MX

• 5 relay.plako.net

TXT

• ef5G2LOl91onE-toX7DTkHa3TrP84DYGmC8dFLm5pGM

Verified for

• Brevo
• Google

Email authentication strong

SPF

v=spf1 ip4:62.193.196.31 include:_spf.kmitd.com include:_spf.plako.io include:sendersrv.com -all

strict (-all)

DMARC

v=DMARC1;p=reject;pct=100;rua=mailto:dmarc@plako.net;ruf=mailto:dmarc@plako.net;

policy: reject (enforced)

DKIM

• default: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyNspo/eP8d6AKUj3rVuAn1tSnJEqObvc+7TPw6FmEy/RZZx+eUCir9zPXvgXaB+8GAl9cilN2T5v9/u8Ii5…
• mail: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+l…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://www.sipe.pt/

present

• strict-transport-security
• x-frame-options
• x-content-type-options

findings

• missing Content Security Policy
• weak frame protection
• weak content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (10)

• youtube.com×1
• twitter.com×1
• sapo.pt×1
• rtp.pt×1
• publico.pt×1
• pressreader.com×1
• noticiasaominuto.com×1
• iol.pt×1
• facebook.com×1
• 4por4.pt×1

Linked from (1)

• recriarsentidos.pt×1