hzt.nl

HTML metadata

Title: Welkom bij het Zuidelijk Toneel | Website
Description: Het Zuidelijk Toneel is hét gezelschap van het zuiden gevestigd in Tilburg. Onder artistiek leiderschap van Sarah Moeremans maken ze divers theater.
Language: nl

Open Graph

url: https://www.hzt.nl/
title: Welkom bij het Zuidelijk Toneel | Website
description: Het Zuidelijk Toneel is hét gezelschap van het zuiden gevestigd in Tilburg. Onder artistiek leiderschap van Sarah Moeremans maken ze divers theater.

Technology

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (3)

fonts.googleapis.com×2
fonts.gstatic.com×1
www.googletagmanager.com×1

Social

Contact

Email

Phone

+0133344500

Address

Ringbaan Oost 8-105013 CA Tilburg

DNS records live

NS

bethany.ns.cloudflare.com
elliott.ns.cloudflare.com

MX

10 hzt-nl.p-v1.mx.microsoft

Email authentication strong

SPF

v=spf1 include:spf_hmail.tvp-it.nl include:spf.protection.outlook.com include:_spf.cre8ion.nl include:spf.afas.online include:_spf.cash.nl ip4:159.100.115.126 ip4:213.125.181.138 -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:watchdog2@watchdog.kevlarr.io; ruf=mailto:watchdog2@watchdog.kevlarr.io; rf=afrf; pct=100; ri=86400

policy: quarantine · sp=quarantine

DKIM

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4BO0YVbSPwWBtZFobqgTz1SEujuzhcXc3o//z6HQ6917EmzVfAI1Ovakh8lsavjxubiLeSb4DceR4cjVtML…

selectors probed

Certificate (current)

R12

from 2026-03-30 to 2026-06-28

Expires in 26 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.hzt.nl/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: unsafe-url
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=()
x-content-type-options: nosniff
content-security-policy: block-all-mixed-content; base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.addtoany.com use.fontawesome.com *.youtube.com *.ytimg.com *.googleapis.com googleapis.com *.googletagmanager.com *.cloudflare.com *.vimeo.com cdn.jsdelivr.net recaptcha.net *.doubleclick.net *.facebook.net *.cookiecode.nl connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net *.youtube-nocookie.com *.cookiebot.com *.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com googleapis.com *.google.com *.addtoany.com cloud.typography.com *.myfonts.net *.typekit.net *.cloudflare.com cdn.jsdelivr.net *.cookiecode.nl *.facebook.net; font-src 'self' *.gstatic.com data: *.typekit.net *.cloudflare.com ; img-src 'self' data: *.google-analytics.com *.analytics-google.com *.gstatic.com *.googleapis.com googleapis.com *.google.com *.cloudflare.com www.hzt.nl *.facebook.com *.google.com *.google.nl h
strict-transport-security: max-age=31536000