bolletje.nl
bolletje.nl
HTML metadata
Technology
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (6)
- bolletje-service.consulink.com×2
- bolletje-central-form-v2.consulink.com×1
- cdn.cookiecode.nl×1
- whitelabel.scoupy.nl×1
- www.googletagmanager.com×1
- www.youtube.com×1
Social
Contact
DNS records live
- NS
-
- ns1.interstroom.nl
- ns2.interstroom.nl
- ns3.interstroom.nl
- ns4.interstroom.nl
- MX
-
- 10 de-smtp-inbound-1.mimecast.com
- 10 de-smtp-inbound-2.mimecast.com
- TXT
-
MS=C6F8D9C5BE1F2CF638E53C52651111E69DED56C50ed1fe018a35afbc94f0ce42f3bdf797
- Verified for
-
- Apple
- Microsoft 365
Email authentication partial
- SPF
-
v=spf1 a ip4:77.222.64.13 ip4:77.222.64.12 ip4:80.85.129.0/24 include:de._netblocks.mimecast.com include:_spf.zivver.com include:_spf.spotler.email include:spf.afas.online include:spf.protection.outlook.com include:_spf.cre8ion.nl include:autotask.net include:_spf.emailclick.nl -allstrict (-all) - DMARC
-
v=DMARC1;p=none;sp=reject;rua=mailto:easy484089@easydmarc.com;ruf=mailto:ruf@rep.easydmarc.com;fo=1policy: none (monitoring only) · sp=reject - DKIM
- no key found at common selectors
Certificate (current)
R13
Expires in 67 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
unsafe-url- x-frame-options
SAMEORIGIN- permissions-policy
geolocation=()- x-content-type-options
nosniff- content-security-policy
block-all-mixed-content; base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.addtoany.com use.fontawesome.com *.youtube.com *.ytimg.com *.googleapis.com googleapis.com *.googletagmanager.com *.cloudflare.com static.bolletje.nl *.consulink.com *.scoupy.nl *.cookiecode.nl static.bolletje.nl; style-src 'self' 'unsafe-inline' *.googleapis.com googleapis.com *.google.com *.addtoany.com cloud.typography.com *.myfonts.net *.typekit.net *.cloudflare.com static.bolletje.nl *.consulink.com static.bolletje.nl; font-src 'self' *.gstatic.com data: *.typekit.net *.cloudflare.com static.bolletje.nl static.bolletje.nl; img-src 'self' data: *.google-analytics.com *.analytics-google.com *.gstatic.com *.googleapis.com googleapis.com *.google.com *.cloudflare.com static.bolletje.nl *.consulink.com static.bolletje.nl; child-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetic- strict-transport-security
max-age=31536000