indexo.dev

onzetop.nl

.nl crawl

First seen 2026-05-31 · Last seen 2026-05-31 · ok HTTP/1.1 200 312 ms crawled 2026-06-01

NL · 83.149.93.215 · AS60781 LeaseWeb Netherlands B.V.

Reputation 100/100

Classifying

HTML metadata

Title
Onze Top Originele ideeëngids, koopwijzer en fanplatform met allerlei ranglijsten voor Gadgets, Cadeaus, Tips en Vragen Onze Top fansplatform, Orignele Cadeau Ideeëngids en Koopwijzer met hebbedingetjes ranglijsten en online verlanglijstjes
Language
nl

Technology

CMS
WordPress
Stack
PHP
Analytics
  • Google Analytics
  • Google Tag Manager
Ads
  • Google AdSense
Fonts
  • Google Fonts
Third-party hosts loaded (16)
  • cdn.4b.is×11
  • media.s-bol.com×10
  • adn.lnkn.be×1
  • ajax.googleapis.com×1
  • apis.google.com×1
  • cdn.affiliatemngr.com×1
  • fonts.googleapis.com×1
  • fonts.gstatic.com×1
  • google-analytics.com×1
  • hollandse-huisjes.nl×1
  • m.media-amazon.com×1
  • pagead2.googlesyndication.com×1
  • ssl.google-analytics.com×1
  • www.google-analytics.com×1
  • www.googletagmanager.com×1
  • youtube.com×1

Social

DNS records live

NS
  • hyperion.ns.4bisnl.net
  • theia.ns.4bisnl.net
MX
  • 10 mail.4bis.nl
Verified for
  • Google

Email authentication strong

SPF
v=spf1 mx a include:4bis.nl ~all
softfail (~all)
DMARC
v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:dmarc@onzetop.nl; ruf=mailto:dmarc@onzetop.nl; rf=afrf; pct=100; ri=86400
policy: quarantine · sp=quarantine
DKIM
no key found at common selectors

Certificate (current)

E8
from 2026-05-25 to 2026-08-23
Expires in 82 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://onzetop.nl/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self' https: data: blob: wss:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; worker-src 'self' blob:; frame-src https: blob: data:; frame-ancestors 'self';
strict-transport-security
max-age=31536000; includeSubDomains; preload

Links to (6)