indexo.dev

ndff.nl

.nl crawl

First seen 2026-06-01 · Last seen 2026-06-01 · ok HTTP/1.1 200 380 ms crawled 2026-06-01

NL · 84.22.103.111 · AS196752 Tilaa B.V.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
De meest complete natuurdatabank van Nederland - NDFF
Language
nl-NL
Canonical
https://ndff.nl/

Open Graph

url
https://ndff.nl/
title
De meest complete natuurdatabank van Nederland - NDFF
locale
nl_NL
site name
NDFF

Technology

Server
nginx
CMS
WordPress
Cookie consent
  • Cookiebot

Third-party hosts loaded (1)

  • consent.cookiebot.com×1

Social

DNS records live

NS
  • ns1.duocast.net
  • ns2.duocast.net
MX
  • 10 plesk2.duocast.net
TXT
  • atlassian-sending-domain-verification=700a9fdf-29c7-4c21-bd94-0090d5d123a2
Verified for
  • Google
  • Microsoft

Email authentication partial

SPF
v=spf1 include:mail.zendesk.com include:spf.protection.outlook.com include:_spf.duocast.net include:_spf.shared.lvl.li include:mailgun.org -all
strict (-all)
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
  • default: v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+ZO4gI7hZ7olcuNw+tLw20zTg+a6I+Pp6YKlQDFHUz9NsIVmlbVGPNPMRPFu/s8P9eQoLOfzFHRMYJgULl3Z…
  • k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
  • mail: v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2SpXjgt6MaL2wu/wjNc9GhtagZ3mD5YR87X8YgfSXduPr0JHBg/aCvky2UyiP14pIxsw…
selectors probed

Certificate (current)

E8
from 2026-04-08 to 2026-07-07
Expires in 34 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://ndff.nl/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https: blob:; frame-ancestors 'self'; upgrade-insecure-requests
strict-transport-security
max-age=63072000

Links to (6)

Linked from (1)