windsurf.co.uk

HTML metadata

Technology

Server

Apache

CMS

WordPress

jQuery

1.7.1 known XSS (<3.5)

Analytics

• Google Tag Manager

Ads

• Meta Pixel

Fonts

• Google Fonts

Third-party hosts loaded (4)

• www.googletagmanager.com×3
• ajax.googleapis.com×2
• connect.facebook.net×1
• fonts.googleapis.com×1

Social

• facebook

Contact

Email

• editor@windsurf.co.uk
• dan@windsurf.co.uk

DNS records live

NS

• arnold.ns.cloudflare.com
• aspen.ns.cloudflare.com

MX

• 1 email.macfaction.co.uk

Email authentication partial

SPF

v=spf1 mx a -all

strict (-all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

• default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3bh+lRd0HO3K9RZBJ3P7BcripYTJVBDzrJakhe/scp+Ge5LAGXxGEZIS8uJDXwORLeTsQ4MnFbQ3Wb…
• k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
• mail: v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6a7wl6Y78Mi3Xo+Gzat0w8olAPyHdJeexlpeyH1+6feloXWGx6JWzA4YLQW+4hLjDmp8yfXQNDJ8/mVpohRFE…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 35/100 Checked live page: https://www.windsurf.co.uk/

present

• referrer-policy

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Permissions Policy

Links to (16)

• worthingwatersports.com×1
• windsurfer.co×1
• wave-digital.co.uk×1
• sup-internationalmag.com×1
• simmerstyle.com×1
• roho.co.uk×1
• magzter.com×1
• ion-products.com×1
• harry-nass.com×1
• goyawindsurfing.com×1
• google.com×1
• facebook.com×1
• duotonesports.com×1
• clubvass.com×1
• apple.com×1
• 2xs.co.uk×1

Linked from (1)

• wrfc.net×1