nbb.be — domain check, WHOIS, DNS & reputation

HTML metadata

Title: Language selection | National Bank of Belgium
Language: en
Generator: Drupal 10 (https://www.drupal.org)
Canonical: https://www.nbb.be/en/language-picker

Open Graph

url: https://www.nbb.be/en/language-picker
title: Language selection | National Bank of Belgium
site name: National Bank of Belgium

Technology

CDN: Cloudflare
CMS: Drupal

Analytics

Google Tag Manager

Cookie consent

Cookiebot

Third-party hosts loaded (3)

consent.cookiebot.com×1
matomo-nbb.rdbe.live×1
www.googletagmanager.com×1

DNS records live

NS

ns1-03.azure-dns.com
ns2-03.azure-dns.net
ns3-03.azure-dns.org
ns4-03.azure-dns.info

MX

10 nbb-be.mail.protection.outlook.com

TXT

Show 6 TXT records

3LgQVTqsXlz/zW19Wz/UZebOlFLdydkP0Le4aIltIP0NPwAiCodR8/ePeNx2dNGA5Lwk6w9GttDrFFRhEBMCsA==
uk1k6muv5olq2f47fsggch85vr
Foxit-domain-verification=324a7ef7bda4b66252885d6f3560aa27
mandrill_verify.VgstuIYm1ArrRUP37C3eLg
successfactors-site-verification=NDQ3YjIxODE4Yjg1YjAwYTNmNDRhOGE5OWU5M2VhMjQxNmViZTczY2QwYThkZDRjN2VhMTQ1YjQ4ODViMTMxZg==
fUBRhXhnkFp789J4D9aPYHBbaNZJpUrqtKAlzJjT3VEbV30PcT1B2CzRlZ4cRfEbZ+Xz0EdnC/VCnyeqUZOBKA==

Verified for

Apple
Atlassian
Cisco
GlobalSign
Google

Email authentication strong

SPF

v=spf1 mx a:mail01.nbb.be a:mail02.nbb.be include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; sp=none;rua=mailto:58bd3536@mxtoolbox.dmarc-report.com,mailto:Infrastructure.Mail@nbb.be,mailto:dmarc_agg@vali.email;ruf=mailto:58bd3536@forensics.dmarc-report.com,mailto:Infrastructure.Mail@nbb.be;fo=1

policy: quarantine · sp=none

DKIM

Show 4 DKIM selectors

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CTVEwXmLN43lGnXmGrdF67doly2mLyuFOzAbhRHxleNEmvch8nfECLItSku8pGO8xLdvPit87W6xa…
selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBgvSjxfI1wt5gJTwVULPKO8WWE+YB4lG2BXNN2UXK3XNt1piewe9ELgwfJU+E+VbZzg6V/v73iNMx…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39F7Ycr30KzlKj7LVg/xSbgVcbEyPNaM6SJEaa9sb+MKaIzEpAiLb/zMkm8TFggqibocCmBUp6wJs2cCPI…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXL77xHvRPtWqeUYP7WuMwKW+93ZQRx5iG74TYHZyfukfmlOLV9rjUrJZr8LA5tCYgEAnOsMqg9GS51JtTddSqLb…

selectors probed

Certificate (current)

GlobalSign RSA OV SSL CA 2018

from 2025-07-18 to 2026-08-19

Expires in 80 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.nbb.be/language-picker?destination=/node/29415

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com https://www.recaptcha.net https://*.googletagmanager.com https://*.google-analytics.com https://*.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://*.juicer.io https://matomo-nbb.rdbe.live https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.botframework.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://*.windows.net https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; img-src 'self' blob: https://www.google-analytics.com data: https://www.google.com/recaptcha/ https://fonts.gstatic.com https://www.googletagmanager.com http://www.ecb.int/ https://imgsct.cookiebot.com https://*.platformsh.site; frame-src 'self' https://www.recaptcha.net https://www.youtube-nocookie.com/ https://*.youtube.com https://*.google.com https://*.vimeo.com htt
strict-transport-security: max-age=31536000