sro.ch

HTML metadata

Technology

Server

Apache

jQuery

1.11.2 known XSS (<3.5)

Analytics

• Google Tag Manager

Cookie consent

• Cookiebot

Fonts

• Google Fonts

Third-party hosts loaded (4)

• ajax.googleapis.com×1
• consent.cookiebot.com×1
• fonts.googleapis.com×1
• www.googletagmanager.com×1

Social

• youtube
• facebook
• instagram
• linkedin

DNS records live

NS

• ns1.interway.ch
• ns2.interway.ch
• ns3.interway.ch

MX

• 10 mail.sro.ch

TXT

Show 5 TXT records

• swisssign-check=Jfhuy2rn2dTEbaomMJ-VqgbD6OE
• QuoVadis=daf87290-c73a-4b9e-b1f6-563f5ae0edf3
• MS=F0982BF1A595371D4FD2B06047D33663BE6F8E39
• C5PA82460NNI39Y3LDRR2R01Q47MARWJS0QZZ2QH
• swisssign-check=zhqVNZM94pXl-03HZ-hLwfEgFHI

Verified for

• Apple
• Cisco

Email authentication partial

SPF

v=spf1 a mx mx:hin.ch ip4:95.174.226.160/27 ip4:212.80.96.0/21 ip6:2a01:7480:1:100::10 include:_spf.plan-net.swiss -all

strict (-all)

DMARC

v=DMARC1; p=none; rua=mailto:dmarcreport@sro.ch; ruf=mailto:dmarcreport@sro.ch; fo=1

policy: none (monitoring only)

DKIM

no key found at common selectors

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://www.sro.ch/

present

• strict-transport-security
• x-frame-options
• x-content-type-options

findings

• missing Content Security Policy
• missing Referrer Policy
• missing Permissions Policy

Links to (4)

• youtube.com×1
• linkedin.com×1
• instagram.com×1
• facebook.com×1

Linked from (1)

• newwin.ch×1