nsm.no

.no crawl

First seen 2026-05-27 · Last seen 2026-05-29 · ok HTTP/1.1 200 421 ms crawled 2026-05-30

US · 104.18.26.43 · AS13335 Cloudflare, Inc.

Reputation 100/100

sector government type landing page

HTML metadata

Title

Nasjonal sikkerhetsmyndighet - Forsiden

Language

Generator

CMS

Canonical

https://nsm.no/

Translations

Feeds

Open Graph

url: https://nsm.no/
title: Nasjonal sikkerhetsmyndighet - Forsiden
locale: no_NO
site name: Nasjonal sikkerhetsmyndighet

Technology

CDN: Cloudflare

Contact

Email

postmottak@nsm.no

Phone

67864000

DNS records live

NS

brenna.ns.cloudflare.com
rene.ns.cloudflare.com

MX

10 mx2.fd.dep.no
20 mx1.fd.dep.no

TXT

MS=C3316506D65C1F4018BDA10349946E5AB5806284

Verified for

Apple
Google

Email authentication strong

SPF

v=spf1 mx -all

strict (-all)

DMARC

v=DMARC1;p=reject;pct=100;rua=mailto:95f8c49c55f9402eaa03e317ed322b41@dmarc-reports.cloudflare.net,mailto:biegeseeze@reports.dmarc.no;ruf=mailto:biegeseeze@reports.dmarc.no;fo=s;

policy: reject (enforced)

DKIM

k2: v=DKIM1; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQV356nZuH2z/lUMXWANI+MfSY+N7zjN1a22FfKQ0u3Sgy+WQBHr0fx+HpjSeCtyQfUHVCl8+meAJjBecm1LjN…

selectors probed

Certificate (current)

WE1

from 2026-04-11 to 2026-07-10

Expires in 39 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://nsm.no/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'nonce-864e8f0095' 'self' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline' data: *.checkin.no; img-src 'self' data: https:; font-src 'self' https:; connect-src 'self' data: *.checkin.no wss://ws.checkin.no *.execute-api.eu-west-1.amazonaws.com; media-src 'self'; object-src 'none'; frame-src 'self' https://w.soundcloud.com https://registration.checkin.no https://ljsp.lwcdn.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; manifest-src 'self'; worker-src 'self' blob:; script-src-attr 'none'; trusted-types default vue; require-trusted-types-for 'script'; upgrade-insecure-requests; block-all-mixed-content
strict-transport-security: max-age=31536000; preload

Links to (2)

uustatus.no×1
muniolms.com×1

Linked from (1)

kins.no×1