whatsopen.io

HTML metadata

Technology

Server

nginx

PHP

5.6.40 end of life

jQuery

3.3.1 known XSS (<3.5)

Analytics

• Google Tag Manager

Fonts

• Google Fonts

Social widgets

• YouTube Embed

Third-party hosts loaded (6)

• maxcdn.bootstrapcdn.com×2
• ajax.googleapis.com×1
• fonts.googleapis.com×1
• pro.fontawesome.com×1
• www.googletagmanager.com×1
• www.youtube-nocookie.com×1

Social

• facebook
• twitter

Contact

Email

• info@whatsopen.io
• support@whatsopen.io
• sales@whatsopen.io
• whatsopen.iosales@whatsopen.io
• info@whatsopen.iosupport

DNS records live

NS

• ns1061.ui-dns.biz
• ns1090.ui-dns.org
• ns1102.ui-dns.com
• ns1118.ui-dns.de

MX

• 1 aspmx.l.google.com
• 10 aspmx2.googlemail.com
• 10 aspmx3.googlemail.com
• 5 alt1.aspmx.l.google.com
• 5 alt2.aspmx.l.google.com

Verified for

• Brevo

Email authentication partial

SPF

v=spf1 include:spf.sendinblue.com mx ~all

softfail (~all)

DMARC

v=DMARC1; p=none

policy: none (monitoring only)

DKIM

• google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLKhnD0e2aXHJoO9+7qHYDNIpr/Xcjp5HZMF7X0ErYBvmGWoSbaQRolip1JEBuA1/ROeE9MndTBuoZ…
• mail: k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://whatsopen.io/

present

• strict-transport-security
• x-frame-options
• x-content-type-options
• referrer-policy

findings

• missing Content Security Policy
• missing Permissions Policy

Links to (3)

• facebook.com×1
• northwoodspro.com×1
• twitter.com×1

Linked from (1)

• northwoodspro.com×1