bomij.nl
bomij.nl
HTML metadata
Technology
- Server
- nginx
- Stack
- PHP
- Fonts
-
- Google Fonts
Third-party hosts loaded (1)
- fonts.googleapis.com×1
Social
DNS records live
- NS
-
- ns1.bdm.microsoftonline.com
- ns2.bdm.microsoftonline.com
- ns3.bdm.microsoftonline.com
- ns4.bdm.microsoftonline.com
- MX
-
- 0 bomij-nl.mail.protection.outlook.com
- TXT
-
mscid=kRRkwG9HpH1cUoqtoaYZIfyQmZG9RfXmLlFCVJs/zmlkbAxL3XlzDWt573CcjbIMykcK0G3wLNSI8Blf7ihtXw==
- Verified for
-
- Microsoft 365
Email authentication partial
- SPF
-
v=spf1 a mx a:srv1.bmg.org a:srv1B.bmg.org a:server09.bmg.org ip4:109.70.1.212 ip4:195.121.247.4/16 ip4:62.84.240.62 ip4:46.17.4.196 a:cpsmtpb-ews02.kpnxchange.com include:_spf.exsilia.net include:spf.protection.outlook.com -allstrict (-all) - DMARC
-
v=DMARC1; p=none; sp=nonepolicy: none (monitoring only) · sp=none - DKIM
- no key found at common selectors
Certificate (current)
Sectigo Public Server Authentication CA DV R36
Expires in 208 days
HTTP security headers
- present
-
- content-security-policy
- findings
-
- missing HSTS
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing content type protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none';