indexo.dev

railov.nl

.nl crawl

First seen 2026-05-28 · Last seen 2026-05-30 · ok HTTP/1.1 200 249 ms crawled 2026-05-30

NL · 89.41.170.253 · AS20857 Signet B.V.

Reputation 69/100 listed in spam blocklist dmarc monitor-only

Classifying

HTML metadata

Title
Rail & OV
Language
nl

Technology

Server
nginx
CMS
Gatsby
Stack
Django
Analytics
  • Google Analytics
  • Google Tag Manager
Fonts
  • Google Fonts

Third-party hosts loaded (6)

  • fonts.gstatic.com×10
  • fonts.googleapis.com×3
  • wm-livechat-2-prod-dot-watermelonmessenger.appspot.com×2
  • chatwidget-prod.web.app×1
  • www.google-analytics.com×1
  • www.googletagmanager.com×1

DNS records live

NS
  • alla.ns.cloudflare.com
  • vin.ns.cloudflare.com
MX
  • 0 railov-nl.mail.protection.outlook.com
TXT
Show 7 TXT records
  • iMQqbpjSmeB2Lr59W2OjkR9HnvWwkehPVurCLJuTH70GAnImBxfNCBhFiMWuEAIi
  • jcqioy7dBRVWQDTDoBzmUscqckXoP14NWc4xYhW1xIFHXljuoVDaip2vwoGey92y
  • 1xlbKs28KRph9UeLSkMMiFRMnVb8JCfjj72hozbkbC2UYrNMe4TW3C5nuwit6gq4
  • 7ebea059bfb8a365100ae60a0b97d5e132e3a5b4c5435f8eab15376eec73247d
  • DmB0XvEJIStwG6brrVcPcEpVYxjRGchiosaDIiDWSKLgT7alLl8zKDGCTT2EHV38
  • OVN4ndUw8wSARY7Hz49CjMRzJDpUz8oaMQSOGIHP5TbmTlEvgwV4LF9xzdXWkjFT
  • QuoVadis=792aff25-ce96-4408-9661-383706593e91
Verified for
  • 1Password
  • Atlassian
  • DocuSign
  • Dynamics 365
  • Google
  • Microsoft 365

Email authentication partial

SPF
v=spf1 include:spf.railov.nl.eu-y8e95cgi.e1.dspf.app -all
strict (-all)
DMARC
v=DMARC1; p=none; rua=mailto:y8e95cgi@ag.eu.dmarcadvisor.com; ruf=mailto:dmarc@railov.nl; fo=1
policy: none (monitoring only)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu25NX3SgDjRDDBLWB9EyIM1L/XEO1Ed8HNrQk2WYQi217Qob6b+YtKBdVjZi0mHlQ1NyV8fH9R7JLN…
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLCFXnAoKrfjJ01PV42XJWQZPEePCM9W/pj9CWx5vo57MTPSPW7yNHTO3SkWPJeQAoCtet6rK0GAqk2D5U…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbYcOj0m375LYk9qIzL7Bc9KrjRqnvPLaK/yskt0n0rMhky+4uDfZ2/d6yJ1jpdTzrI/hMbjtjOalBrlYvICXVnw…
selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36
from 2025-08-12 to 2026-08-13
Expires in 73 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://railov.nl/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • cross-origin-opener-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
same-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
script-src www.googletagmanager.com www.google-analytics.com 'self' wm-livechat-2-prod-dot-watermelonmessenger.appspot.com *.usabilla.com railov.h5mag.com magazine.railov.nl chatwidget-prod.web.app api.ipify.org 'nonce-jbVyiBGHZNUTsI3HiB3J7buF0PsfyxpFpFXeZtSOR5GThbCkBbN7e4uskTbQMYOX=='; style-src fonts.googleapis.com 'unsafe-inline' 'self' wm-livechat-2-prod-dot-watermelonmessenger.appspot.com chatwidget-css.web.app *.cloudfront.net api.ipify.org; base-uri 'self' d6tizftlrpuof.cloudfront.net; form-action 'self'; img-src data: www.google-analytics.com 'self' wm-livechat-2-prod-dot-watermelonmessenger.appspot.com *.cloudfront.net *.usabilla.com railov.h5mag.com static.h5mag.com firebasestorage.googleapis.com api.ipify.org; frame-ancestors 'self' wm-livechat-2-prod-dot-watermelonmessenger.appspot.com magazine.railov.nl api.ipify.org; default-src 'self'; font-src 'self' fonts.gstatic.com railov.h5mag.com static.h5mag.com api.ipify.org; object-src 'none'; child-src 'self' www.youtube.com wm
strict-transport-security
max-age=63072000; includeSubDomains; preload
cross-origin-opener-policy
same-origin

Links to (17)

Linked from (1)