ssfh.nl
HTML metadata
Technology
- Server
- Apache
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (1)
- www.googletagmanager.com×1
Social
Contact
- Phone
DNS records live
- NS
-
- ns1.sqr.nl
- ns2.sqr.domains
- ns3.sqr.cloud
- MX
-
- 10 ssfh-nl.mail.eo.outlook.com
- Verified for
-
- Microsoft 365
Email authentication partial
- SPF
-
v=spf1 include:_spf.salesforce.com include:spf.sqr.nl include:spf.protection.outlook.com include:_spf.exsilia.net include:spf.flowmailer.net include:emsd1.com include:spf.thirdwave1.postal.cyso.net -allstrict (-all) - DMARC
-
v=DMARC1; p=none; rua=mailto:dmarc@inbound.flowmailer.net; ruf=mailto:dmarc@inbound.flowmailer.net; fo=1policy: none (monitoring only) - DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxO/Ls1mjJXqwPaFMNiHW6SE6AtJtPDKwxgVIfad5g2Jy2O7onVSx8lFqt9Uacl0shidbi4l7ORr6Bb…
selectors probed - selector1:
Certificate (current)
PerfectSSL
Expires in 216 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
no-referrer-when-downgrade- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' 'unsafe-inline' fonts.gstatic.com;script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.hotjar.com www.hotjar.com *.google.com *.gstatic.com d3rxaij56vjege.cloudfront.net *.activehosted.com;img-src 'self' data: *.google-analytics.com *.twtest.nl *.local.thirdwave.nl;frame-src 'self' *.hotjar.com *.youtube.com *.vimeo.com *.google.com *.springcast.fm;connect-src 'self' *.google-analytics.com *.hotjar.com stats.g.doubleclick.net- strict-transport-security
max-age=31536000; includeSubDomains