di-visie.nl
di-visie.nl
HTML metadata
Technology
- Server
- nginx
- Stack
- PHP
- Analytics
-
- Google Tag Manager
- Social widgets
-
- YouTube Embed
Third-party hosts loaded (2)
- www.googletagmanager.com×1
- www.youtube.com×1
Contact
- Phone
DNS records live
- NS
-
- ns1.cybox.nl
- ns2.cybox.eu
- MX
-
- 0 divisie-nl0e.mail.protection.outlook.com
- Verified for
-
- Microsoft 365
Email authentication weak
- SPF
-
v=spf1 include:spf.protection.outlook.com -allstrict (-all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 57 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
DENY- x-content-type-options
nosniff- content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net; script-src 'self' *.googletagmanager.com *.google-analytics.com 'unsafe-eval' https://*.googleapis.com *.typekit.net 'nonce-r8LdwFZVR1hS6neDTTHgnw=='; img-src 'self' data: i.ytimg.com i.vimeocdn.com *.googletagmanager.com *.google-analytics.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com *.typekit.net; frame-src 'self' www.youtube.com player.vimeo.com *.google.com; connect-src 'self' *.analytics.google.com *.googletagmanager.com *.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: performance.typekit.net; base-uri 'self'; font-src 'self' fonts.gstatic.com *.typekit.net;- strict-transport-security
max-age=63072000; includeSubDomains
Links to (1)
- cybox.nl×1