debestelapp.nl

HTML metadata

Title: Homepagina - De Bestel App
Description: Bestel het lekkerste eten online direct via De Bestel App
Language: nl
Canonical: https://debestelapp.nl

Open Graph

url: https://debestelapp.nl
title: De Bestel App
description: Bestel het lekkerste eten online direct via De Bestel App

Technology

Server: nginx

Social

Registration

Registrar

OVH

Created

2023-03-10

Updated

2025-12-19

Name servers

ns2.bluebirdmedia.nl
ns1.bluebirdmedia.nl

DNS records live

NS

ns1.bluebirdmedia.nl
ns2.bluebirdmedia.nl

MX

10 mail.debestelapp.nl

Verified for

Ahrefs
Google

Email authentication partial

SPF

v=spf1 +a +mx +a:plesk.bluebirdmedia.nl +a:debestelapp.nl include:_spf.google.com -all

strict (-all)

DMARC

v=DMARC1; p=none; sp=none;

policy: none (monitoring only) · sp=none

DKIM

default: v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDp/UfqD7VFd59Qd0zICU6gZV0jjXTMu9SxnHImN/Q+I42Cre0lpJb//fGeLI1BseKlREKs7dZ1iae8R9RkLy…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

E7

from 2026-05-24 to 2026-08-22

Expires in 83 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://debestelapp.nl/

present

strict-transport-security
content-security-policy-report-only
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

missing Content Security Policy
weak frame protection
weak content type protection

Header values

referrer-policy: same-origin
x-frame-options: deny, SAMEORIGIN
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), clipboard-write=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), storage-access=(), usb=(), web-share=(self), xr-spatial-tracking=()
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: same-origin
cross-origin-resource-policy: same-origin
content-security-policy-report-only: base-uri 'self'; child-src 'self' https://www.quandoo.nl/ https://js.stripe.com/; connect-src 'self' https://plausible.debestelapp.nl/ https://sentry.debestelapp.nl/ https://9110-api.quandoo.com/ https://booking-widget.quandoo.com/ https://api.stripe.com/ https://m.stripe.com/ wss://ws.debestelapp.nl:443; default-src 'none'; font-src 'self' data: https://fonts.bunny.net/; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://www.quandoo.nl/ https://maps.google.com/ https://www.google.com/ https://js.stripe.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/; img-src 'self' data: blob: https://debestelapp.nl/ https://*.tile.openstreetmap.org/; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-HFbw42WYlkrCuy0T3VgMivLxSTdL6iisEit1nYWj' https://plausible.debestelapp.nl https://js.stripe.com/ https://booking-widget.quandoo.com/ https://9110-api.quandoo.com/; style-src 'self' 'unsafe-inline' https://fonts.b