sykora.eu
HTML metadata
Technology
- Server
- Microsoft-IIS
- jQuery
- 3.4.0 known XSS (<3.5)
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (2)
- ajax.googleapis.com×1
- www.googletagmanager.com×1
Social
DNS records live
- NS
-
- ns.wedos.com
- ns.wedos.cz
- ns.wedos.eu
- ns.wedos.net
- MX
-
- 15 mx1.avonet.cz
- 20 spool.avonet.cz
- 4 mail.sykora.eu
- Verified for
-
- Apple
Email authentication weak
- SPF
-
v=spf1 mx ip4:89.185.232.138 ip4:89.185.232.139 ip4:217.112.160.226 a:smtp.avonet.cz include:spf.netdirect.cz -allstrict (-all) - DMARC
- not published
- DKIM
-
- mail:
v=DKIM1; k=rsa; n=1024; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDhFo6oxy9ab2d/hvXeFwZb/q68FHngTkfa09fFfhS53WpTtdsPMVaZhLH5ktc9RwnRWsvqyUlEW1…
selectors probed - mail:
Certificate (current)
R13
Expires in 56 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
unsafe-url- x-frame-options
SAMEORIGIN- permissions-policy
camera=(), microphone=()- x-content-type-options
nosniff- content-security-policy
default-src 'self' data: blob: https://service.studio9.cz https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.google.cz https://*.googlesyndication.com https://*.gstatic.com https://*.youtube.com https://*.googleadservices.com https://*.doubleclick.net https://connect.facebook.net https://*.facebook.com https://c.imedia.cz https://*.seznam.cz https://*.cdninstagram.com https://*.pinterest.com https://*.pinimg.com https://*.targito.com https://*.targito.sykora.eu https://*.typekit.net 'unsafe-inline' 'unsafe-eval'- strict-transport-security
max-age=31536000