standrewholborn.org.uk

HTML metadata

Technology

Server

Apache

jQuery

3.2.1 known XSS (<3.5)

Analytics

• Google Tag Manager

Fonts

• Font Awesome
• Google Fonts

Third-party hosts loaded (5)

• cdnjs.cloudflare.com×4
• code.jquery.com×2
• fonts.googleapis.com×1
• use.fontawesome.com×1
• www.googletagmanager.com×1

Social

• facebook
• twitter

DNS records live

NS

• ns1022.ui-dns.org
• ns1046.ui-dns.de
• ns1087.ui-dns.com
• ns1102.ui-dns.biz

MX

• 0 standrewholborn-org-uk.mail.protection.outlook.com

Email authentication strong

SPF

v=spf1 include:eu._netblocks.mimecast.com include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; pct=100; rua=mailto:a.gdxwkorl@sdmarc.net

policy: reject (enforced)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDtsp2UTglnTUpikZWmzE6Tt5BkTujSkH6E8CxfHDWSGWxdzlwqmqCj+fLKGX/vy55+qB1VdSxDuCXdpxew33…
• k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://standrewholborn.org.uk/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (12)

• achurchnearyou.com×1
• anglican.org×1
• bishopoffulham.org.uk×1
• churchofengland.org×1
• citycatholics.org.uk×1
• citymapper.com×1
• cityoflondon.gov.uk×1
• dormition.org.uk×1
• facebook.com×1
• holbornvenues.co.uk×1
• sswsh.com×1
• twitter.com×1

Linked from (4)

• citycatholics.org.uk×1
• holbornvenues.co.uk×1
• octobergalleryeducation.com×1
• octobergallery.co.uk×1