indexo.dev

lcr.nl

.nl crawl

First seen 2026-05-14 · Last seen 2026-05-19 · ok HTTP/1.1 200 4506 ms crawled 2026-05-19

NL · 40.74.0.237 · AS8075 Microsoft Corporation

Reputation 100/100

Classifying

HTML metadata

Title
LCR - Reizigersadvisering
Language
en

Technology

Server
This
Fonts
  • Google Fonts

Third-party hosts loaded (2)

  • produlcrproduasset.blob.core.windows.net×3
  • fonts.gstatic.com×1

Registration

Registrar
BIT B.V.
Created
1996-08-11
Updated
2025-06-17
Name servers
  • nsauth3.bit.org
  • nsauth2.bit.nl
  • nsauth1.bit.nl

DNS records live

NS
  • nsauth1.bit.nl
  • nsauth2.bit.nl
  • nsauth3.bit.org
MX
  • 9 lcr-nl.mail.protection.outlook.com
Verified for
  • Microsoft
  • Microsoft 365

Email authentication strong

SPF
v=spf1 ip4:193.176.253.5 ip4:193.176.253.6 ip4:212.78.166.65 ip4:212.78.166.66 ip4:92.42.235.126 include:spf.pe-online.org include:spf.protection.outlook.com include:spf.flowmailer.net -all
strict (-all)
DMARC
v=DMARC1; p=reject; pct=100; rua=mailto:postmaster@lcr.nl
policy: reject (enforced)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4TTmxUrECIu//VucaxyDd27XUfVykClAjf7ues0O2A7TnBemhzXvF39JGXpZghLRRnpVpMZxtg4zYW…
selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36
from 2025-08-04 to 2026-08-30
Expires in 101 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://lcr.nl/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin
x-frame-options
deny
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(self),camera=(self),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
x-content-type-options
nosniff
content-security-policy
default-src 'self' data:; object-src 'none'; font-src 'self' https://fonts.gstatic.com; child-src 'self'; worker-src blob: ; img-src 'self' data: https://devellcrdevelasset.blob.core.windows.net https://devellcraccepasset.blob.core.windows.net https://produlcrproduasset.blob.core.windows.net https://cdn.jsdelivr.net/gh/lipis/flag-icons@6.6.6/flags/4x3/; frame-ancestors 'none'; script-src 'self' https://lcraccount.containers.piwik.pro/303dafc7-5c16-4dad-a325-59b68d2a4e7a.js https://lcraccount.containers.piwik.pro/ppms.js 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://cdn.jsdelivr.net/gh/lipis/flag-icons@6.6.6/css/flag-icons.min.css 'unsafe-inline'; connect-src * 'unsafe-inline'; upgrade-insecure-requests; block-all-mixed-content
strict-transport-security
max-age=63072000; includeSubdomains
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin

Linked from (1)