corbion.com

HTML metadata

Title: Preserving what matters | Corbion
Description: Corbion Home

Technology

Server: Microsoft-IIS
CMS: Joomla

Analytics

Google Tag Manager

Cookie consent

OneTrust

Third-party hosts loaded (6)

customer.cludo.com×2
cdn.cookielaw.org×1
js.hs-scripts.com×1
maps.googleapis.com×1
tools.euroland.com×1
www.googletagmanager.com×1

Social

Contact

Phone

Registration

Registrar

Hosting Concepts B.V. d/b/a Registrar.eu

Created

2000-05-03

Expires

2027-05-03 347 days left

Updated

2026-05-03

Name servers

ns1.openprovider.nl
ns2.openprovider.be
ns3.openprovider.eu

DNS records live

NS

ns1.openprovider.nl
ns2.openprovider.be
ns3.openprovider.eu

MX

0 corbion-com.mail.protection.outlook.com

TXT

rvj423ad9vfthc4rp2uri0cour
2y4LV6NkJ2O7EaNDf3qZVusx1gMJ1erO
SBc67mfDWS9ulUCo1b2FVailen7F7pDR41a4PBzE/jd/npTc2wri/PojJNTMe45vgfQHM4/m9224ggaBnVl3ow==

Verified for

Adobe
Google

Email authentication partial

SPF

v=spf1 include:spf.corbion.com include:spf.protection.outlook.com include:39988924.spf08.hubspotemail.net include:spf.mandrillapp.com include:tswe.corbion.com include:_spf.intermax.nl include:_spf.salesforce.com ip4:208.185.235.0/24 ip4:208.185.229.0/24 ip4:52.49.235.189/32 ip4:52.49.201.246/32 ip4:147.160.167.0/26 -all

strict (-all)

DMARC

v=DMARC1; p=none; adkim=r;aspf=r;rua=mailto:MailSecurity@corbion.com,mailto:dmarc_agg@vali.email; ruf=mailto:MailSecurity@corbion.com; fo=1; ri=3600

policy: none (monitoring only)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfOG7J0IGkeYiJWHNZxv3jonFDWobP4UnWFwWvVaVnyNjZQXR6zE2eR/KBT0NEqednnegH4HOaNSDG…
selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKoMG1z/muq51xKoK/TRfDElBmtqmL3LYDx5RpJRBbFMOW55vdp1INAdP8FgnJESg//qgZ/tebeK1v…

selectors probed

Certificate (current)

DigiCert Global G2 TLS RSA SHA256 2020 CA1

from 2026-04-27 to 2026-11-12

Expires in 175 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.corbion.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: autoplay=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=(self), geolocation=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), hid=(), window-placement=()
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.euroland.com *.hubspot.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com *.gstatic.com *.google.com *.googleapis.com *.googletagmanager.com *.hs-scripts.com *.mktoweb.com https://customer.cludo.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://m.youtube.com https://www.youtube.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.mktoweb.com customer.cludo.com fonts.googleapis.com privacyportal-cdn.onetrust.com;object-src 'none';frame-src 'self' *.eurolandir.com *.euroland.com *.google.com *.media-server.com *.mktoweb.com *.youtube.com solutions.vwdservices.com www.youtube-nocookie.com;child-src 'self' www.youtube.com;img-src 'self' data: *.hubspot.com *.hsforms.com *.corbion.com flagcdn.com *.cludo.com *.mktoweb.com *.ytimg.com *.youtube.com *.core.windows.net *.globenewswire.com cdn.cookielaw.org fonts.gsta
strict-transport-security: max-age=31536000; includeSubDomains