onderwijsvanwaarde.nl
onderwijsvanwaarde.nl
HTML metadata
Technology
- Server
- nginx
- CMS
- WordPress
- jQuery
- 3.7.1
Third-party hosts loaded (3)
- assets.ivydigitalmarketing.nl×2
- static.elfsight.com×2
- vanwaarde.testlocatie.website×1
Social
DNS records live
- NS
-
- aisha.ns.cloudflare.com
- damiete.ns.cloudflare.com
Email authentication no MX
- SPF
- not published
- DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R13
Expires in 61 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
same-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.google.com https://www.youtube.com/ https://www.youtube-nocookie.com/ https://open.spotify.com/embed/; script-src 'self' 'nonce-bc2c886a21363ba9cff9d8af0c7b0dd5' 'strict-dynamic' https://universe-static.elfsightcdn.com; script-src-attr 'self' 'unsafe-inline'; style-src 'unsafe-inline' 'self' https://assets.ivydigitalmarketing.nl; font-src 'self' data:; img-src 'self' data: https://*.googletagmanager.com https://*.google-analytics.com https://static.elfsight.com https://files.elfsightcdn.com https://phosphor.utils.elfsightcdn.com https://i.ytimg.com; media-src 'self'; connect-src 'self' https://assets.ivydigitalmarketing.nl https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://core.service.elfsight.com https://static.elfsight.com https://storage.elfsight.com https://widget-data.service.elfsight.com;- strict-transport-security
max-age=63072000
Links to (4)
Linked from (1)
- vgs.nl×1