hetcnn.nl
HTML metadata
Technology
- Server
- nginx
- Fonts
-
- Google Fonts
Third-party hosts loaded (3)
- fonts.googleapis.com×2
- fonts.gstatic.com×1
- static.genkgo.com×1
Social
DNS records live
- NS
-
- ns1.genkgo.net
- ns2.genkgo.net
- ns3.genkgo.net
- MX
-
- 1 hetcnn-nl.mail.protection.outlook.com
- Verified for
-
- Microsoft 365
Email authentication partial
- SPF
-
v=spf1 a mx include:spf.genkgo.net include:spf.protection.outlook.com -allstrict (-all) - DMARC
-
v=DMARC1; p=none; sp=nonepolicy: none (monitoring only) · sp=none - DKIM
- no key found at common selectors
Certificate (current)
E7
Expires in 75 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
same-origin- x-frame-options
DENY- x-content-type-options
nosniff- content-security-policy
default-src 'self'; child-src 'self' *.youtube.com https://static.genkgo.com https://het-cnn.genkgo.app; connect-src 'self' https://static.genkgo.com https://het-cnn.genkgo.app; font-src 'self' *.googleapis.com *.gstatic.com https://static.genkgo.com https://het-cnn.genkgo.app 'unsafe-inline'; img-src 'self' https://* https://static.genkgo.com https://het-cnn.genkgo.app data:; media-src 'self' https://static.genkgo.com https://het-cnn.genkgo.app; script-src 'self' *.gstatic.com *.youtube.com https://static.genkgo.com https://het-cnn.genkgo.app 'unsafe-inline'; style-src 'self' *.googleapis.com *.gstatic.com https://static.genkgo.com https://het-cnn.genkgo.app 'unsafe-inline'; report-uri https://hetcnn.nl/f/error-report/report/csp; upgrade-insecure-requests- strict-transport-security
max-age=31536000; preload
Links to (3)
Linked from (1)
- svcia.nl×1