xavin.eu

HTML metadata

Technology

Server

nginx

CMS

Gatsby

Cookie consent

• Cookiebot

Third-party hosts loaded (1)

• consent.cookiebot.com×1

Social

• linkedin
• youtube
• facebook
• instagram
• reddit

DNS records live

NS

• ns37.domaincontrol.com
• ns38.domaincontrol.com

MX

• 0 xavin-eu.mail.protection.outlook.com

TXT

Show 4 TXT records

• facebook-domain-verification=2n32g6k66j46zx62owcfcnjg6jllk7
• google-site-verification=CzbfILas2FBQBvhmaemwQDzNtqSZuz17oNcv8O8HIcs
• brevo-code:2f778174c2e0706fa4e3adbbf2d14411
• MS=ms 62463000

Email authentication partial

SPF

v=spf1 include:_spf.mlsend.com mx include:spf.protection.outlook.com a include:ispgateway.de ~all

softfail (~all)

DMARC

v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.com

policy: none (monitoring only)

DKIM

• k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 50/100 Checked live page: https://www.xavin.eu/

present

• x-frame-options
• x-content-type-options

findings

• missing HSTS
• missing Content Security Policy
• missing Referrer Policy
• missing Permissions Policy

Links to (19)

• youtube.com×2
• caritasstiftung-stuttgart.de×2
• facebook.com×2
• frauenhilfe-westfalen.de×2
• grenzlaeufer-ev.de×2
• instagram.com×2
• jotform.com×2
• kiebitz-brandenburg.de×2
• kubibe.de×2
• linkedin.com×2
• michaelshof-sammatz.de×2
• reddit.com×2
• xing.com×2
• awo-hannover.de×2
• littlebigfuture.de×2
• jacksaloonvaudreuil.com×1
• kreuzhof-eschenried.de×1
• mecklenburgerhof-mirow.de×1
• stellarosejewelry.com×1

Linked from (2)

• yolawo.de×2
• crowddialog.de×1