vastgoed-assen.nl
vastgoed-assen.nl
HTML metadata
Technology
- Server
- Apache
- CMS
- WordPress
- PHP
- 8.3.21 security-only
- jQuery
- 3.7.1
- Fonts
-
- Google Fonts
Third-party hosts loaded (1)
- fonts.googleapis.com×2
Contact
- Phone
DNS records live
- NS
-
- ns1.thednscompany.com
- ns2.thednscompany.com
- ns3.thednscompany.com
- MX
-
- 0 vastgoedassen-nl02b.mail.protection.outlook.com
- Verified for
-
- Microsoft 365
Email authentication weak
- SPF
-
v=spf1 include:spf.protection.outlook.com include:_spf.transip.email -allstrict (-all) - DMARC
- not published
- DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2lOh6QeQ12cB1PIiFlgDmFB+RXHzYkxp5WWI/zVe/wndFQrgP6qZsOpqowxvi03+10GFuAbQuyrU0… - selector2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7dBSXtuWfmaAXb82EFVQ1Y2szHA4lPh++MbBXf6H6QSznuuR4J2WqItr1kvWB5Vm45BciPP8yor3PO…
selectors probed - selector1:
Certificate (current)
YE2
Expires in 86 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
no-referrer-when-downgrade- x-frame-options
SAMEORIGIN- permissions-policy
private-state-token-redemption=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com"), private-state-token-issuance=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com")- x-content-type-options
nosniff- content-security-policy
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'self' ;img-src * data: blob: 'self'- strict-transport-security
max-age=63072000