indexo.dev

metanoiagroep.nl

.nl crawl

First seen 2026-05-30 · Last seen 2026-05-30 · ok HTTP/1.1 200 742 ms crawled 2026-05-31

NL · 31.7.0.208 · AS20847 Previder B.V.

Reputation 100/100

Classifying

HTML metadata

Title
Home
Language
nl
Canonical
https://metanoiagroep.nl/nl/home

Open Graph

url
https://metanoiagroep.nl/home
site name
Metanoia

Technology

PHP
8.3.31 security-only
Stack
Laravel

Third-party hosts loaded (2)

  • s3.k8s.shockmedia.nl×3
  • challenges.cloudflare.com×1

Social

Contact

Email

DNS records live

NS
  • ns01.hostnet.nl
  • ns02.hostnet.nl
MX
  • 0 metanoiagroep-nl.mail.protection.outlook.com
Verified for
  • Microsoft 365

Email authentication strong

SPF
v=spf1 a mx include:spf.protection.outlook.com include:spf.afas.online include:spf.EU.exclaimer.net include:_spf.mailer.twinfield.com -all
strict (-all)
DMARC
v=DMARC1; p=reject
policy: reject (enforced)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UZYqG+RuYEi21pwjUFN5qsRDnix5r2xVPjiblJWLzdHWUgbNBJI5IiR73oSdT9S63Nl2e6FI8diWc…
selectors probed

Certificate (current)

R12
from 2026-05-22 to 2026-08-20
Expires in 76 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://metanoiagroep.nl/home

present
  • strict-transport-security
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-embedder-policy
  • cross-origin-resource-policy
findings
  • missing Content Security Policy
  • weak frame protection
Header values
referrer-policy
same-origin
x-frame-options
allow-from 'self' metanoiagroep.nl www.metanoiagroep.nl
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), attribution-reporting=*, autoplay=(self), bluetooth=(self), browsing-topics=*, camera=(self), compute-pressure=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=*, encrypted-media=(self), fullscreen=(self), gamepad=(self), geolocation=(self), gyroscope=(self), hid=(self), identity-credentials-get=(self), idle-detection=(self), local-fonts=(self), magnetometer=(self), microphone=(self), midi=(self), otp-credentials=(self), payment=(self), picture-in-picture=*, publickey-credentials-create=(self), publickey-credentials-get=(self), screen-wake-lock=(self), serial=(self), speaker-selection=(self), storage-access=*, usb=(self), web-share=(self), window-management=(self), xr-spatial-tracking=(self)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-opener-policy
unsafe-none
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin

Links to (5)

Linked from (1)