vav.at

HTML metadata

Technology

Server

nginx

jQuery

1.11 known XSS (<3.5)

Third-party hosts loaded (3)

• download.digiaccess.org×1
• siegel.ausgezeichnet.org×1
• www.vavpro.at×1

Social

• linkedin
• youtube

DNS records live

NS

• ns-1359.awsdns-41.org
• ns-1709.awsdns-21.co.uk
• ns-385.awsdns-48.com
• ns-520.awsdns-01.net

MX

• 10 mail.vav.at

TXT

• QuoVadis=700cf104-fcba-454e-b645-bd97dec23b4b
• QuoVadis=f897e8f3-6ed5-42b7-b272-7082e341a50d

Verified for

• Google
• Microsoft 365

Email authentication strong

SPF

v=spf1 redirect=23v7t4dy._spf._d.mim.ec

missing all

DMARC

v=DMARC1; p=quarantine; rua=mailto:718d4c8d4413921@rep.dmarcanalyzer.com; ruf=mailto:718d4c8d4413921@for.dmarcanalyzer.com; fo=1;

policy: quarantine

DKIM

no key found at common selectors

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 50/100 Checked live page: https://www.vav.at/privat

present

• content-security-policy
• x-frame-options

findings

• missing HSTS
• CSP allows unsafe inline scripts/styles
• weak frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (3)

• youtube.com×1
• linkedin.com×1
• ausgezeichnet.org×1

Linked from (1)

• kaeferclub-laxenburg.at×1