kotee.be

HTML metadata

Title

Home | Kotee

Description

Dicht bij jou! Een thuiszorgdienst die nog dichter bij de mensen staat. Dat is de visie van Kotee, de koepel van thuiszorgdiensten van zorgorganisatie Motena.

Language

nl

Canonical

https://www.kotee.be/

Translations

nl

Open Graph

url: https://www.kotee.be/home
title: Home
image:url: https://www.kotee.be/themes/custom/kotee/opengraph.png
site name: Kotee
description: Thuisdiensten dicht bij jou!

Technology

Server: nginx
CMS: Drupal

Analytics

Google Tag Manager

Third-party hosts loaded (2)

cdn.jsdelivr.net×2
www.googletagmanager.com×1

Social

Contact

Email

Phone

051 24 60 50

DNS records live

NS

ns1.combell.eu
ns3.combell.net
ns4.combell.net

MX

50 spam.motena.be

TXT

mandrill_verify.gdgwsvH4FO96PrknOBbRTQ

Verified for

Google
Meta
Microsoft 365

Email authentication strong

SPF

v=spf1 include:spf1.motena.be include:spf2.motena.be -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:dmarc_agg@vali.email

policy: quarantine

DKIM

k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

R12

from 2026-05-24 to 2026-08-22

Expires in 80 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.kotee.be/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.googleapis.com *.jsdelivr.net *.typekit.net *.googletagmanager.com; img-src 'self' 'unsafe-inline' cdnjs.cloudflare.com data: *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.hsforms.com *.hubspot.com *.ytimg.com *; media-src 'self' *.vimeo.com *.youtube.com; frame-src 'self' *.vimeo.com *.youtube.com *.addtoany.com *.youtube-nocookie.com *; font-src *.googleusercontent.com *.gstatic.com 'self' cdnjs.cloudflare.com *.typekit.net *; connect-src ws://127.0.0.1:* 'self' *; report-uri /report-csp-violation
strict-transport-security: max-age=15768000; includeSubDomains; preload