webdispecink.cz
HTML metadata
Technology
- Server
- nginx
- jQuery
- 1.11.1 known XSS (<3.5)
- Stack
- PHP
- Social widgets
-
- YouTube Embed
Third-party hosts loaded (3)
- purl.org×5
- www.youtube.com×3
- www.google.com×1
Social
Contact
DNS records live
- NS
-
- ns1.ignum.com
- ns2.ignum.cz
- MX
-
- 4 webdispecink-cz.mail.protection.outlook.com
Email authentication strong
- SPF
-
v=spf1 mx ip4:89.185.225.143 ip6:2a01:430:26::1:143 ip4:89.185.225.132 -allstrict (-all) - DMARC
-
v=DMARC1;p=reject;rua=mailto:dmarc@system.webdispecink.cz;policy: reject (enforced) - DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXu+fVJQr50IMvuSq8BqqNqx42lPcri3xGDbXtAsnfSxOAZQrxgaoPvHnIiImM0lPr5n/xYsXl/PZfJu7Ez+… - selector2:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbj340HfeZat4xusKKm6UIwxR5/R2LWMhfdm2zFggGw9/Jm6a6CA8Xa9UrqsK6FfpMjDFPK8WXmHRdjU79UV… - k2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed - selector1:
Certificate (current)
YR2
Expires in 86 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-content-type-options
nosniff- content-security-policy
default-src 'self' 'unsafe-inline' data: https://www.google.com https://www.youtube.com https://*.ytimg.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.qualtrics.com https://*.siteintercept.qualtrics.com; frame-ancestors 'self';- strict-transport-security
max-age=63072000
Links to (4)
- youtube.com×1
- sygic.com×1
- princip.cz×1
- eurowag.com×1
Linked from (3)
- clweb.cz×1
- noprosu.cz×1
- komtes.cz×1