hvhl.nl

HTML metadata

Title: Hogeschool Van Hall Larenstein - Velp & Leeuwarden
Description: Bouw aan jouw toekomst en werk aan de wereld. Kies voor Hogeschool Van Hall Larenstein in Leeuwarden of in Velp. Building Your World.
Language: nl

Open Graph

url: https://www.hvhl.nl/
title: Maak je keuze bij HVHL
description: Bouw aan jouw toekomst en werk aan de wereld. Kies voor Hogeschool Van Hall Larenstein in Leeuwarden of in Velp. Building Your World.

Technology

Server: nginx
CMS: Gatsby

Third-party hosts loaded (1)

fd-cdn.nl×64

Social

DNS records live

NS

ns1.surfnet.nl
ns1.zurich.surf.net
ns2.surfnet.nl
ns3.surfnet.nl

MX

1 hvhl-nl.mail.protection.outlook.com

TXT

Show 6 TXT records

mailerlite-domain-verification=43cc617cad67ce8d9ebec5921b2cbaa7f3ff1b3f
mailerlite-domain-verification=6589aba512e9ec905e86ff678a1d78f51e4e0a8f
mailerlite-domain-verification=86196751f84b9d77b016e0e8c0033a4fa15ce68c
mailerlite-domain-verification=497bcd6c9d7099cc6df0d293dd577c5a61c14467
mailerlite-domain-verification=edf8ea772e4932db6b730c4b9f9e65f196549db6
autodesk-domain-verification=_mzi8F_rFE35CGK_4Xaf

Verified for

Dynamics 365
HARICA

Email authentication strong

SPF

v=spf1 include:_spf1.hvhl.nl include:_spf2.hvhl.nl include:spf.protection.outlook.com include:spf.interconnect.nl include:amazonses.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; fo=1; rua=mailto:dmarc@hvhl.nl; ruf=mailto:dmarc@hvhl.nl

policy: quarantine

DKIM

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrZ9KfS77VnqllShNlpKe/ZjClNutIxx4uzi1xAmcH2623dgM0vFSTgEo9vO9StyOzr0JnOfj/kM2BOTTBmb…

selectors probed

Certificate (current)

GEANT TLS RSA 1

from 2025-06-04 to 2026-06-04

Expires in 4 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.hvhl.nl/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
cross-origin-opener-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: DENY
x-content-type-options: nosniff
content-security-policy: style-src 'self' 'unsafe-inline' https://minio.fourdigits.nl/ https://fd-cdn.nl/ https://cdn.unibuddy.co/; frame-src 'self' https://newassets.hcaptcha.com/ https://www.youtube.com/ https://*.dynamics.com/ https://tr.snapchat.com/ https://consent.cookiebot.eu/ https://consentcdn.cookiebot.eu/ https://player.vimeo.com/ https://sst.hvhl.nl/ https://unibuddy.co https://*.unibuddy.co https://unibuddy.com https://*.unibuddy.com; object-src 'unsafe-eval'; media-src 'self'; default-src 'self' https://minio.fourdigits.nl/ https://fd-cdn.nl/; connect-src 'self' https://releases.wagtail.org/ https://newassets.hcaptcha.com/ https://*.dynamics.com/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://api.cookieconsent.io/ https://*.google-analytics.com/ https://*.snapchat.com/ https://px.ads.linkedin.com/ https://sst.hvhl.nl/ https://sst.vhluas.de/ https://sst.vhluas.com/ https://hvhl.matomo.cloud/ https://hvhl.containers.piwik.pro/ https://hvhl.piwik.pro/ https://api.taggrs.io/ https://
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: same-origin-allow-popups