nac.nl

HTML metadata

Title: Officiële website NAC Breda - NAC.nl
Description: Welkom op de website van NAC Breda. NAC (Noad Advendo Combinatie) Breda is opgericht op 19 september 1912.
Language: nl
Canonical: https://www.nac.nl/

Open Graph

url: https://www.nac.nl/
title: NAC Breda
site name: NAC Breda

Technology

Server: nginx
Stack: PHP

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

DNS records live

NS

alina.ns.cloudflare.com
coen.ns.cloudflare.com

MX

0 nac-nl.mail.protection.outlook.com

Verified for

Microsoft 365

Email authentication strong

SPF

v=spf1 a mx include:sendgrid.net include:spf.afas.online include:spfcloud.letsignit.com include:spf.protection.outlook.com include:_spf.twikey.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:dmarc@nac.nl;

policy: quarantine

DKIM

Show 4 DKIM selectors

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVPKhKnICLFxwxPMIHb3eTGRgCCFof2qbDlu6plGTdwZX9ndpJ6VyhGMYK+zuXL0yZoxUgEElQh+biwnGJ9x…
selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCOdDd57yjldJkNX4tCKPuFjevEuWauhaTq0l4f2ZtxpladbPWEPqAdAjFAIp2jSbtVXGguyZNAEu55alkUt8…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzqM6lHoRgSYKF9mWmGfcltOMgKVjbBb+Gn3/QUA/+hvBvnGeEGI0OXTsO2MpYMXsiI6STkA7xMUotOk4V…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLDvc7kpBNoW2BkSgBteNux26mOEhvrdMUptpBM1PnO+fJTh+9T4hVYylYhMgiOkIBaKt+DvItcj1OOm5WyQ8Nij…

selectors probed

Certificate (current)

R13

from 2026-04-24 to 2026-07-23

Expires in 53 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.nac.nl/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: same-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: connect-src 'self' region1.analytics.google.com *.google-analytics.com *.cookiecode.nl *.googleapis.com stats.g.doubleclick.net *.clarity.ms *.sentry.io *.facebook.com *.googletagmanager.com *.hotjar.io *.hotjar.com *.salesfeed.com *.cookie-script.com *.execute-api.eu-central-1.amazonaws.com *.google.com *.facebook.com *.googletagmanager.com connect.facebook.net f4c378bb19cc42e0bf0001bfa4d41f41.events.ubembed.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com ;default-src 'self' ;frame-ancestors 'self' ;frame-src 'self' *.vimeo.com *.youtube.com *.youtube-nocookie.com *.google.com *.googletagmanager.com *.hotjar.com f4c378bb19cc42e0bf0001bfa4d41f41.pages.ubembed.com wdgt.slinger.to *.doubleclick.net ;media-src 'self' ;object-src 'none' ; report-uri https://www.nac.nl/.csp-violation; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.vimeo.com *.youtube.com *.youtube-nocookie.com *.hotjar
strict-transport-security: max-age=63072000