thecockpit.org.uk

HTML metadata

Technology

Server

Apache

CMS

Drupal

Social

• twitter
• instagram
• facebook
• tiktok

Contact

Phone

• 020 7258 2925

DNS records live

NS

• ns31.domaincontrol.com
• ns32.domaincontrol.com

MX

• 1 aspmx.l.google.com
• 10 alt3.aspmx.l.google.com
• 10 alt4.aspmx.l.google.com
• 5 alt1.aspmx.l.google.com
• 5 alt2.aspmx.l.google.com

TXT

• google-site-verification=rpLzedmR9mQWFCuFwus9ms2cT2wTIdmkUohYG2YMcY8

Email authentication partial

SPF

v=spf1 a mx include:_spf.google.com include:_spf.elasticemail.com include:amazonses.com include:_spf.gn.apc.org ~all

softfail (~all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

• google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUTtsHY6ATO+NWMgWmRp5/AaxaHd+hrniErVK43hNfFZSQee+x0qi5myKtxsjJBoqTw8Vg/KMsCPkW…
• k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://www.thecockpit.org.uk/

present

• strict-transport-security
• x-frame-options
• x-content-type-options
• permissions-policy

findings

• missing Content Security Policy
• weak content type protection
• missing Referrer Policy

Links to (9)

• facebook.com×1
• instagram.com×1
• londonpubtheatres.com×1
• smartsheet.com×1
• stagedoorapp.com×1
• theamerican.co.uk×1
• tiktok.com×1
• twitter.com×1
• ucg.ac.uk×1

Linked from (2)

• onejazz.net×1
• ucg.ac.uk×1