spitfiremuseum.be

HTML metadata

Technology

Server

nginx

jQuery

1.12.4 known XSS (<3.5)

Fonts

• Google Fonts

Third-party hosts loaded (1)

• fonts.googleapis.com×4

Social

• facebook

DNS records live

NS

• ns1.ouiheberg.com
• ns2.ouiheberg.com
• ns3.ouiheberg.com
• ns4.ouiheberg.com

MX

• 0 spitfiremuseum.be

Email authentication partial

SPF

v=spf1 +a +mx +ip4:78.46.99.182 ~all

softfail (~all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

• default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoVoNANmroBaIRxTXh6UbA5JC9oLB9fekuPXpq2QQQS88vYS+e+fic5ckSN311Xxv58FyGep9xFBSz…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://spitfiremuseum.be/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (14)

• warheritage.be×1
• sonaca.com×1
• sabena-engineering.com×1
• patriagroup.com×1
• mil.be×1
• lockheedmartin.com×1
• jandenul.com×1
• florennesairbase.be×1
• florennes.be×1
• facebook.com×1
• cm-tourisme.be×1
• chimay.com×1
• belgiumbattlefield.be×1
• belgianairforcedays.be×1