tennislife.at

HTML metadata

Technology

Server

nginx

jQuery

1.11.3 known XSS (<3.5)

Stack

PHP

Analytics

• Google Tag Manager

Ads

• Google Ads

Fonts

• Google Fonts

Third-party hosts loaded (6)

• fonts.googleapis.com×2
• www.googletagmanager.com×2
• fonts.gstatic.com×1
• widgets.trustedshops.com×1
• www.facebook.com×1
• www.googleadservices.com×1

Social

• facebook
• instagram

Contact

Email

• f.steinhauser@tennislife.at

Phone

• 0043 6991 132 40 8

DNS records live

NS

• alfa.ns.active24.cz
• beta.ns.active24.cz

MX

• 10 mail.tennislife.at

Email authentication partial

SPF

v=spf1 a mx ip4:80.79.28.178 ~all

softfail (~all)

DMARC

v=DMARC1; p=none

policy: none (monitoring only)

DKIM

• mail: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14y5DUyLVQHtfW0fbDsnr0sUYxWsz8mmM4JP3AFrICtQvcAB+beMKkwnpb83Pmaa3c8eMSCmHHiPpv…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 50/100 Checked live page: https://www.tennislife.at/

present

• content-security-policy
• x-frame-options

findings

• missing HSTS
• CSP allows unsafe inline scripts/styles
• CSP uses wildcard sources
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (2)

• instagram.com×1
• facebook.com×1

Linked from (1)

• kaffeehaustalk.com×1