theatermuseum.at

HTML metadata

Technology

Server

Apache

CMS

Joomla

jQuery

1.10.2 known XSS (<3.5)

Analytics

• Google Tag Manager

Third-party hosts loaded (2)

• cloud.ccm19.de×1
• www.googletagmanager.com×1

Social

• facebook
• instagram
• youtube

Contact

Email

• info@theatermuseum.at
• info@theatermuseum.atwegen

Phone

• 43 1 525 24 2729

DNS records live

NS

• ns1.khm.at
• ns2.khm.at
• ns5.univie.ac.at

MX

• 10 mx1-mailcontrol.conova.com
• 20 mx2-mailcontrol.conova.com
• 30 mx3-mailcontrol.conova.com
• 40 mx4-mailcontrol.conova.com

TXT

• 0qoxX1pZkNgN6Bdzos/oLTJdL7zbLPJZWQTMli3Bi6/avaMbyinqgu3XDbif7DOJFYf0QPw71o/g4bavQr1hdg==

Verified for

• Google
• Microsoft 365

Email authentication strong

SPF

v=spf1 ip4:193.170.216.66 ip4:193.170.216.30 include:spf.protection.outlook.com include:spf.mlwrx.com include:amazonses.com include:_spf.mailcontrol.conova.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:dmarc_rua@khm.at; ruf=mailto:dmarc_ruf@khm.at; fo=1; adkim=s; aspf=r

policy: quarantine

DKIM

• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovpz4CsyXaard6t/vvzUxVFhi0bF/Qs8MeMouIMoRXmOzIkIg4qCyjvWkOgi0YrxnPYXA3Z4IhkrZb…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://theatermuseum.at/

present

• strict-transport-security
• content-security-policy
• x-frame-options
• x-content-type-options
• referrer-policy

findings

• weak content type protection
• missing Permissions Policy

Links to (8)

• youtube.com×1
• weltmuseumwien.at×1
• schlossambras-innsbruck.at×1
• khm.at×1
• kaiserliche-wagenburg.at×1
• kaiserliche-schatzkammer.at×1
• instagram.com×1
• facebook.com×1

Linked from (3)

• moriz-naehr.com×1
• kaiserliche-wagenburg.at×1
• kaiserliche-schatzkammer.at×1