tps-group.it
tps-group.it
HTML metadata
Technology
- Server
- Apache
- jQuery
- 3.4.1 known XSS (<3.5)
- Stack
- CodeIgniter
Social
Contact
- Phone
DNS records live
- NS
-
- addilyn.ns.cloudflare.com
- cartman.ns.cloudflare.com
- MX
-
- 0 tpsgroup-it0i.mail.protection.outlook.com
- TXT
-
v=DMARC1; p=none; pct=100; rua=mailto:dmarc873245@bls.it; sp=none; aspf=r;
- Verified for
-
- Microsoft 365
Email authentication partial
- SPF
-
v=spf1 include:spf.protection.outlook.com ip4:193.150.112.50 -allstrict (-all) - DMARC
-
v=DMARC1; p=none; pct=100; rua=mailto:dmarc873245@bls.it; sp=none; aspf=r;policy: none (monitoring only) · sp=none - DKIM
-
- default:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0uOyEcTzpIq99+lhQjnqDEHdLDk8j4T2SUnG/DpNhNe/muvDLPzcu0oM6fF18HeN48H1vopWqaU2VkWPQu2…
selectors probed - default:
Certificate (current)
E7
Expires in 47 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
connect-src www.google.com 'self' region1.google-analytics.com www.google-analytics.com www.tps-group.it; default-src 'self' www.google.com; media-src 'self' https://www.tps-group.it; font-src 'self' fonts.googleapis.com fonts.gstatic.com www.tps-group.it; frame-ancestors www.google.com; frame-src www.google.com; img-src data: 'self' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.tps-group.it; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.tps-group.it; script-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.google.com www.gstatic.com www.tps-group.it; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.tps-group.it;- strict-transport-security
max-age=31536000; includeSubDomains; preload