wellfair.ngo

HTML metadata

Technology

Server

Apache

CMS

WordPress 6.9.4

jQuery

2.10.2 known XSS (<3.5)

Analytics

• Google Tag Manager

Cookie consent

• Usercentrics

Third-party hosts loaded (3)

• app.usercentrics.eu×1
• gmpg.org×1
• www.googletagmanager.com×1

Social

• instagram
• youtube
• facebook
• linkedin

Contact

Email

• info@wellfair.ngo
• e-mailinfo@wellfair.ngo

Registration

Registrar

Tucows Domains Inc.

Created

2022-06-17

Expires

2029-06-17 1123 days left

Updated

2024-04-22

Name servers

• ns5.kasserver.com
• ns6.kasserver.com

DNS records live

NS

• ns5.kasserver.com
• ns6.kasserver.com

MX

• 1 aspmx.l.google.com
• 10 alt3.aspmx.l.google.com
• 10 alt4.aspmx.l.google.com
• 5 alt1.aspmx.l.google.com
• 5 alt2.aspmx.l.google.com

TXT

• sending_domain658023=3acbbfe23d0ad41e96d920ad2b784a8ac31886c01ff6acba66cd343f874176ac
• SFMC-KhVSqbrnY5DDzNNh8wj8pKo3-1pzAD2p9QT5GhuA
• pardot658023=91a6e0b56eeb02fc9720d4152ec920d63ccac904fc5a12b95aab7a32a388078d

Verified for

• Google

Email authentication strong

SPF

v=spf1 mx a include:_spf.google.com include:_spf.salesforce.com include:aspmx.pardot.com include:cust-spf.exacttarget.com ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; rua=mailto:neven@wellfair.ngo; pct=100; adkim=r; aspf=r

policy: reject (enforced)

DKIM

• google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLVDvZ2yVpPJdY0g4nAAIjBzLvkhEzp/AHYT2Z1UqkaDPg3R/dP1Gb+P8SrCs3UeHbVpWzyVzbqC2hHZR20s…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://wellfair.ngo/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (8)

• dqsglobal.com×1
• facebook.com×1
• instagram.com×1
• linkedin.com×1
• susana.org×1
• turingpoint.de×1
• washnet.de×1
• youtube.com×1