indexo.dev

gratisretourneren.nl

.nl crawl

First seen 2026-05-20 · Last seen 2026-05-27 · ok HTTP/1.1 200 1189 ms crawled 2026-05-27

NL · 185.104.29.154 · AS206281 Stichting DIGI NL

Reputation 69/100 wrong cert dmarc monitor-only

Classifying

HTML metadata

Title
Gratis Retourneren - overzicht van winkels
Description
Deze site biedt een overzicht van webwinkels waar je je gekochte product kosteloos kunt terugsturen.
Language
nl
Canonical
https://www.gratisretourneren.nl

Open Graph

title
Gratis Retourneren - overzicht van winkels
site name
Gratis Retourneren
description
Deze site biedt een overzicht van webwinkels waar je je gekochte product kosteloos kunt terugsturen.

Technology

Server
BunnyCDN-DE1-1332
PHP
8.3.27 security-only
Social widgets
  • YouTube Embed

Third-party hosts loaded (1)

  • www.youtube-nocookie.com×1

DNS records live

NS
  • ns.zxcs.be
  • ns.zxcs.eu
  • ns.zxcs.nl
MX
  • 10 spamrelay.zxcs.nl
TXT
  • site-verification=58de398b4c9bebfbf46ce7efc775fc71
  • site-verification=54a0656624103e648fe474d0050c7162
Verified for
  • Google

Email authentication partial

SPF
v=spf1 a mx ip4:185.104.29.154 ip6:2a06:2ec0:1:0:0:0:0:159 include:filter-out.zxcs.nl ~all
softfail (~all)
DMARC
v=DMARC1; p=none; sp=none;
policy: none (monitoring only) · sp=none
DKIM
no key found at common selectors

Certificate (current) wrong cert

Sectigo Public Server Authentication CA DV R36
from 2026-03-24 to 2026-10-09
Expires in 130 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.gratisretourneren.nl/

present
  • strict-transport-security
  • content-security-policy
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
content-security-policy
font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; media-src 'self'; default-src 'none'; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleoptimize.com https://static.hotjar.com https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com https://surveystats.hotjar.com https://*.googlesyndication.com https://*.googleusercontent.com https://fundingchoicesmessages.google.com https://www.gstatic.com https://partner.googleadservices.com; img-src https://script.hotjar.com 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://*.googleusercontent.com https://fundingchoicesmessages.google.com https://www.gstatic.com https://*.googlesyndication.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.youtube-nocookie.com https://vars.hotjar.com https://*.doubleclick.net https://tpc.googlesyndication.com https://www.google.com; connect-sr
strict-transport-security
max-age=31536000; includeSubDomains

Links to (2)

Linked from (1)