indexo.dev

bladcadeau.nl

.nl crawl

First seen 2026-05-21 · Last seen 2026-06-04 · ok HTTP/1.1 200 3018 ms crawled 2026-05-27

DE · 95.101.111.133 · AS20940 Akamai International B.V.

Reputation 100/100

Classifying

HTML metadata

Title
Bladcadeau.nl | Cadeaubon verzilveren | Saldo checken
Description
Bladcadeau gekregen? Wissel je cadeaukaart in voor een tijdschrift of abonnement naar keuze o.a. LINDA., vtwonen, Quest of Libelle. Of check je saldo.

Technology

jQuery
3.2.1 known XSS (<3.5)
Stack
Java
Analytics
  • Google Tag Manager
Fonts
  • Google Fonts

Third-party hosts loaded (3)

  • fonts.googleapis.com×2
  • myprivacy.dpgmedia.net×1
  • www.googletagmanager.com×1

Contact

Phone

DNS records live

NS
  • eur2.akam.net
  • eur5.akam.net
  • eur6.akam.net
  • ns1-125.akam.net
  • ns1-25.akam.net
  • usc2.akam.net
  • use2.akam.net
  • use5.akam.net
MX
  • 1 aspmx.l.google.com
  • 10 alt3.aspmx.l.google.com
  • 10 alt4.aspmx.l.google.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
  • kwWvaabTDGCtj7bJHF3sylJrXmPQ+IPykTfzl2gdTcyEHd7mRThFBcmDzA85le89GD5tHgIm+WeXQAVgeHNrFA==
Verified for
  • Google
  • Microsoft 365

Email authentication strong

SPF
v=spf1 ip4:145.60.8.129 include:_spf.dpgmmservices.nl include:spf.protection.outlook.com include:_spf.google.com include:authsmtp.com -all
strict (-all)
DMARC
v=DMARC1; p=reject; rua=mailto:zurbc63x@ag.eu.dmarcadvisor.com; ruf=mailto:zurbc63x@fr.eu.dmarcadvisor.com; fo=1; pct=100
policy: reject (enforced)
DKIM
  • google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTVFyr4Iy2jkSAX68zLc9hIDkNPv7UZngJLf2929NSFFov0S17WggD5CcKxrkwiRpNdR2XlNJoGB4bLI17iG…
selectors probed

Certificate (current)

E7
from 2026-05-16 to 2026-08-14
Expires in 70 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.bladcadeau.nl/

present
  • strict-transport-security
  • content-security-policy
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • missing frame protection
Header values
referrer-policy
strict-origin-when-cross-origin
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=*, usb=(self), web-share=(self), xr-spatial-tracking=(self)
x-content-type-options
nosniff
content-security-policy
default-src https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src https: blob:; media-src https: data: blob:; worker-src https: blob:; frame-ancestors 'self'; upgrade-insecure-requests
strict-transport-security
max-age=31536000; includeSubdomains; preload

Links to (3)

Linked from (2)