lumc.nl
HTML metadata
&width=500&height=500)
Technology
- CDN
- Cloudflare
- CMS
- Gatsby
- Analytics
-
- Google Tag Manager
- Cookie consent
-
- Cookiebot
Third-party hosts loaded (2)
- consent.cookiebot.com×1
- www.googletagmanager.com×1
Social
Registration
- Registrar
- SURF B.V.
- Created
- 1997-08-25
- Updated
- 2025-07-04
- Name servers
-
- ns2.surfnet.nl
- ns1.zurich.surf.net
- ns1.surfnet.nl
DNS records live
- NS
-
- ns1.surfnet.nl
- ns1.zurich.surf.net
- ns2.surfnet.nl
- MX
-
- 10 lumc-nl.s-v1.mx.microsoft
- TXT
-
Show 4 TXT records
pexip-ms-tenant-domain-verification=44b26bb2-f6cf-45d9-8b34-a2fad6a3a71chave-i-been-pwned-verification=23d8d2c3549401234a2278d1c056cb45pexip-portal-domain-verification=44b26bb2-f6cf-45d9-8b34-a2fad6a3a71cQdhgRNw8+q9gSkFEbke6ysIa8hMmZ4rvrOW8A1gc5VB/uisSphfmtmIU41/hdCPeHNPmplIceHbSJLaZ9/d1Hw==
- Verified for
-
- Adobe
- Brevo
- Dynamics 365
- HARICA
- Microsoft 365
Email authentication strong
- SPF
-
v=spf1 include:spf.lumc.nl.eu-7wa3oe8s.e1.dspf.app -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; rua=mailto:7wa3oe8s@ag.eu.dmarcadvisor.com;policy: reject (enforced) - DKIM
-
Show 5 DKIM selectors
- selector1:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIsefeA5PhJTZ7eukFxZDUPW8LWhM5m0WZg2vpybmka9ouKzDIeAyhrZcTCQyCHfYMCptidzPKd7HpwHijHA… - k2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA… - mail:
k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z… - s1:
k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxBltSH57s95FDRiEBpJEu5YPfH4U5NkvvnHKSkUMCuvkuGLVIxHtceDQOGujR/fKkmMlpk7/yC7pZQ9pB… - s2:
k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqpBq6XZDF1N/PmZ9c7+uGt0H+kLtM9YP2qSzdb/kl/xxgCMjO7NsjWF+Kn5U9YmdWvxeLRE9CDNTmHk26rv2shy…
selectors probed - selector1:
Certificate (current)
GEANT TLS ECC 1
Expires in 77 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-embedder-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
sameorigin- permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()- x-content-type-options
nosniff- content-security-policy
default-src 'self' blob: federatie.lumc.nl topdesk.lumc.nl; script-src 'self' 'unsafe-eval' 'unsafe-inline' unpkg.com cdn.jsdelivr.net *.vo.msecnd.net *.vev.page *.vev.design *.cookiebot.com giftforms.nl fundfactory.nl *.visualwebsiteoptimizer.com app.vwo.com blob: *.lumc.nl *.ytimg.com *.gstatic.com *.hotjar.com dl.episerver.net *.google.com *.googletagmanager.com www.google-analytics.com *.mailplus.nl *.azure.com cdnjs.cloudflare.com code.jquery.com maxcdn.bootstrapcdn.com snap.licdn.com connect.facebook.net; style-src 'self' 'unsafe-inline' *.lumc.nl cdn.jsdelivr.net *.visualwebsiteoptimizer.com giftforms.nl app.vwo.com s3.amazonaws.com *.cloudflare.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com dl.episerver.net static.mailplus.nl; img-src 'self' *.ytimg.com blob: data: *.lumc.nl *.visualwebsiteoptimizer.com *.vev.design *.cookiebot.com giftforms.nl fundfactory.nl chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.gstatic.com *.hotjar.com www.g- strict-transport-security
max-age=31536000; includeSubDomains- cross-origin-opener-policy
same-origin- cross-origin-embedder-policy
unsafe-none- cross-origin-resource-policy
same-site