storebrand.se

HTML metadata

Technology

Server

nginx

Cookie consent

• OneTrust

Third-party hosts loaded (1)

• cdn.cookielaw.org×1

Social

• linkedin
• facebook
• instagram
• youtube

Contact

Phone

• 916 300 484

DNS records live

NS

• ns1-07.azure-dns.com
• ns2-07.azure-dns.net
• ns3-07.azure-dns.org
• ns4-07.azure-dns.info

MX

• 10 mxa-0028d802.gslb.pphosted.com
• 10 mxb-0028d802.gslb.pphosted.com

TXT

• Tpkt6yEqJjww5ePovOHb1AfrMdphdC4doqOCHNR0wAMmfJpoSwoqJDV99c7p2EQSRXm5KrkgcrVfjXeeD2WTBA==

Verified for

• Atlassian
• DocuSign
• GlobalSign
• Google
• Microsoft 365

Email authentication strong

SPF

v=spf1 include:_spf.storebrand.com include:servers.mcsv.net ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com

policy: reject (enforced)

DKIM

• google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAlbra/iCtLF++BXjGf0KWwV+2fQvpjbF3tlesQOJGVdnB/BtVtJSe/8RCuwVnwKZgOg2ngjTidemr…
• s1: v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKyLjeDwAle59I1/MtubUrUHx38xPdafA6lIqnAWmGR1Th0ADHr4DUOiQWbkwKFugYkr7PWk52QYBgC05PRTT…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.storebrand.se/

present

• content-security-policy

findings

• missing HSTS
• CSP allows unsafe inline scripts/styles
• CSP uses wildcard sources
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (9)

• youtube.com×1
• storebrand.no×1
• spp.se×1
• myworkdayjobs.com×1
• mynewsdesk.com×1
• linkedin.com×1
• instagram.com×1
• fondlista.se×1
• facebook.com×1

Linked from (1)

• fondkollen.se×1