zdrofit.pl

HTML metadata

Technology

CDN

Amazon CloudFront

Server

CloudFront

Third-party hosts loaded (1)

• cb02552ba940.5a03355a.eu-west-1.token.awswaf.com×1

DNS records live

NS

• ns-1050.awsdns-03.org
• ns-121.awsdns-15.com
• ns-1695.awsdns-19.co.uk
• ns-571.awsdns-07.net

MX

• 10 zdrofit-pl.mail.protection.outlook.com

TXT

• mojecertpl-site-verification-dVLuoesTFNvUgt450phQ0yQwPIk3Y4zD

Verified for

• Google
• Microsoft 365

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com include:_spf.emaillabs.net.pl -all

strict (-all)

DMARC

v=DMARC1; p=none; rua=mailto:dmarc@emaillabs.net.pl

policy: none (monitoring only)

DKIM

• selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxtis5eRLv19c/RrmZP+oMEa2XVYMQD+mKR5HepsIobyGXg2hezt5qED9hMhaADhUmylmiwSTEpp8U…
• selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09bHRJFGgDcJHvWY53TAY24adokRwVGPDOEOqkK8Ha+SesZu5P4leEWTdEaAFHm+0blR6tyMyCJZgH…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://zdrofit.pl/

present

• strict-transport-security
• content-security-policy
• x-content-type-options
• referrer-policy

findings

• short HSTS max-age
• CSP allows unsafe inline scripts/styles
• CSP uses wildcard sources
• missing frame protection
• missing Permissions Policy

Linked from (2)

• motorlublin.com.pl×1
• etc.szczecin.pl×1