huismanequipment.com

HTML metadata

Title

Heavy lifting and construction equipment - Huisman

Description

Heavy equipment for renewable energy, oil and gas, civil, minerals and entertainment markets. Cranes, Offshore Wind Tools, Pipelay and Drilling Equipment.

Language

nl

Canonical

https://www.huismanequipment.com/en/

Translations

en
nl
zh

Open Graph

url: https://www.huismanequipment.com/en/
title: Heavy lifting and construction equipment
description: Heavy equipment for renewable energy, oil and gas, civil, minerals and entertainment markets. Cranes, Offshore Wind Tools, Pipelay and Drilling Equipment.

Technology

Server: Apache
PHP: 8.1.34 end of life
jQuery: 3.5.1
Stack: PHP

Analytics

Google Tag Manager

Social widgets

Vimeo Embed

Third-party hosts loaded (3)

player.vimeo.com×8
www.googletagmanager.com×1
www.termsfeed.com×1

Social

Contact

Email

Phone

Registration

Registrar

Key-Systems GmbH

Created

2007-06-08

Expires

2026-06-08 5 days left

Updated

2025-11-30

Name servers

ns0.transip.net
ns1.transip.nl
ns2.transip.eu

DNS records live

NS

ns0.transip.net
ns1.transip.nl
ns2.transip.eu

MX

10 cust16507-1.in.mailcontrol.com
10 cust16507-2.in.mailcontrol.com

Verified for

Google

Email authentication strong

SPF: v=spf1 a mx -all
strict (-all)
DMARC: v=DMARC1; p=quarantine; rua=mailto:it-security@huisman-nl.com; ruf=mailto:it-security@huisman-nl.com; pct=100
policy: quarantine
DKIM: no key found at common selectors

Certificate (current)

Sectigo Public Server Authentication CA DV R36

from 2026-02-20 to 2027-02-27

Expires in 269 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.huismanequipment.com/en/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src https: 'self' 'unsafe-eval' 'unsafe-inline'; connect-src 'self' 'unsafe-eval' 'unsafe-inline' *.termsfeed.com *.google.com *.google.nl *.googleadservices.com *.googlesyndication.com *.google-analytics.com maps.googleapis.com *.google.com *.linkedin.com cdn.linkedin.oribi.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net; frame-src *.googletagmanager.com *.doubleclick.net *.mailerlite.com *.youtube.com *.vimeo.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.nl *.doubleclick.net code.jquery.com stackpath.bootstrapcdn.com player.vimeo.com maps.googleapis.com maps.gstatic.com tagmanager.google.com *.googletagmanager.com *.googleadservices.com snap.licdn.com static.mailerlite.com *.google-analytics.com ssl.google-analytics.com www.termsfeed.com https://*.hotjar.com http://app.mailerlite.com/ 'unsafe-inline'; img-src 'self' googleads.g.doubleclick.net *.googleadservices.com ssl.gstatic.com www.gstatic.c
strict-transport-security: max-age=63072000; includeSubDomains; preload