hetnationalebibliotheekcongres.nl
HTML metadata
Technology
- Server
- Apache
- jQuery
- 4.0.0
- Stack
- PHP
Third-party hosts loaded (3)
- core.spitz.nu×12
- plausible.dewebmakers.nl×1
- www.google.com×1
DNS records live
- NS
-
- ns1.dewebmakers.nl
- ns2.dewebmakers.nl
- MX
-
- 10 mail.hetnationalebibliotheekcongres.nl
- Verified for
-
Email authentication weak
- SPF
-
v=spf1 include:spf.dewebmakers.nl include:email.activetickets.com ~allsoftfail (~all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
E7
Expires in 67 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
same-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://devcore.spitz.nu https://core.spitz.nu https://player.vimeo.com https://www.gstatic.com https://*.tawk.to https://jitsi.spitz.nu https://source.zoom.us https://zoom.us/ https://*.google.com https://plausible.dewebmakers.nl; object-src 'self'; style-src 'self' 'unsafe-inline' https://devcore.spitz.nu https://core.spitz.nu https://www.gstatic.com https://fonts.googleapis.com https://jitsi.spitz.nu https://source.zoom.us https://*.tawk.to https://plausible.dewebmakers.nl; img-src 'self' https://*.tawk.to data: https://*.vimeocdn.com https://devcore.spitz.nu https://core.spitz.nu https://plausible.dewebmakers.nl https://*.scdn.co; media-src 'self' https://*.tawk.to https://source.zoom.us blob: https://devcore.spitz.nu https://core.spitz.nu https://*.scdn.co; frame-src 'self' https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.tawk.to https://jitsi.spitz.- strict-transport-security
max-age=63072000; includeSubDomains