valtellina.it

HTML metadata

Technology

CDN

Amazon CloudFront

Server

Apache

jQuery

3.4.1 known XSS (<3.5)

Stack

PHP

Fonts

• Google Fonts

Third-party hosts loaded (6)

• fonts.googleapis.com×3
• cdn.jsdelivr.net×1
• embeds.acswapp.com×1
• fonts.gstatic.com×1
• static.sojern.com×1
• www.facebook.com×1

Social

• facebook
• twitter
• youtube
• instagram

Contact

Email

• info@valtellina.it
• -info@valtellina.it

DNS records live

NS

• dns.technorail.com
• dns2.technorail.com
• dns3.arubadns.net
• dns4.arubadns.cz

MX

• 1 aspmx.l.google.com
• 10 alt3.aspmx.l.google.com
• 10 alt4.aspmx.l.google.com
• 5 alt1.aspmx.l.google.com
• 5 alt2.aspmx.l.google.com

TXT

• a36b86cb35f74594be08bf5ca83a0200
• b28qy5v5jyl11945rh313r0y6kgpvsb4

Verified for

• Google
• Microsoft 365

Email authentication partial

SPF

v=spf1 +a ip4:194.143.143.112 include:spf.protection.outlook.com include:_spf.aruba.it include:musvc.com include:_spf.google.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none

policy: none (monitoring only)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrRvrbW3DMaWVwUaEc0KyK4C0oCxrxTOkbfHTuQo2G90U4eruZ+H2F4ssauiiwo1LzDgGD7F8PofsB…

selectors probed

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.valtellina.it/

present

• strict-transport-security
• content-security-policy-report-only
• x-frame-options
• x-content-type-options
• referrer-policy

findings

• missing Content Security Policy
• missing Permissions Policy

Links to (7)

• emailsp.com×1
• facebook.com×1
• in-lombardia.it×1
• instagram.com×1
• tiktok.com×1
• twitter.com×1
• youtube.com×1

Linked from (4)

• confcommerciosondrio.it×1
• provinciasondrio.it×1
• paradiselodge.it×1
• santacaterina.it×1