worktorch.io

HTML metadata

Technology

Server

nginx

CMS

Next.js

Social

• facebook
• instagram
• twitter
• linkedin
• youtube

Contact

Email

• hello@worktorch.io
• press@worktorch.io

DNS records live

NS

• ns01.domaincontrol.com
• ns02.domaincontrol.com

MX

• 1 aspmx.l.google.com
• 10 alt3.aspmx.l.google.com
• 10 alt4.aspmx.l.google.com
• 5 alt1.aspmx.l.google.com
• 5 alt2.aspmx.l.google.com

TXT

• google-site-verification=Kmj-UO1bUdh0ogs8qa8Dp6LMu_1-XZg8lbaYerbS-s0
• google-site-verification=GscJBWPkQ1AA_SD7L0szRU0wf0E71KscmQeebHVrZoo

Email authentication weak

SPF

v=spf1 include:dc-aa8e722993._spfm.worktorch.io ~all

softfail (~all)

DMARC

not published

DKIM

• s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPIhJfaGxabAJIvVv7dOStyJxfjmmXbTMxJQl8mCpFwen2hHWbqd2LLFHQ5h4Zsrw/aKa4nb55mAuiN7WF…
• s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoddBGPDEA5cG/xrdWfomZZi7pBBIVBP3zExlLpnjoEv4qmwRqrtzAqUEQJm+sFqkHu5a8vOid8SMA9MNFP…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://worktorch.io/

findings

• missing HSTS
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (7)

• apple.com×2
• facebook.com×2
• google.com×2
• instagram.com×2
• linkedin.com×2
• twitter.com×2
• youtube.com×2

Linked from (1)

• kcrisefund.com×2