onebase.io
HTML metadata
Technology
- CDN
- Amazon CloudFront
Third-party hosts loaded (1)
- static.kpn.com×4
DNS records
Email authentication weak
- SPF
-
v=spf1 ip4:89.146.30.0/27 include:spf.protection.outlook.com -allstrict (-all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificates
Loading certificate
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
strict-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
connect-src 'self' https://westeurope-5.in.applicationinsights.azure.com https://stsupervisionappfuncprod.blob.core.windows.net https://dpm.demdex.net https://omsc.kpn.com https://adobedc.demdex.net https://edge.adobedc.net https://*.onetrust.com *.tt.omtrdc.net kpn.data.adobedc.net https://*.kpn.com *.mopinion.com https://fonts.gstatic.com https://saonebase.irma.kpn.net blob: api.onebase.io account.onebase.io scim.routit.nl ws://onebase-signalr-prd.service.signalr.net https://onebase-signalr-prd.service.signalr.net https://www.kpn.com https://auth.grip-on-it.com saonebase.irma.kpn.net blob: api.onebase.io *.interactievetv.nl https://js.monitor.azure.com; media-src blob:; script-src 'self' https://cdn-ukwest.onetrust.com https://assets.adobedtm.com https://cdn.cookielaw.org https://geolocation.onetrust.com *.demdex.net *.2o7.net *.omtrdc.net *.tt.omtrdc.net https://*.kpn.com *.mopinion.com 'nonce-63727ed1f57a3e28fb76cb31e15be36b'; style-src 'self' 'unsafe-inline' https://*.kpn.com http- strict-transport-security
max-age=31536000; includeSubDomains