stefangroenveld.com

HTML metadata

Title

Stefan Groenveld – Sports, events and portrait photographer

Description

Discover amazing things from unusual angles | Stefan Groenveld – Sports, events and portrait photographer

Language

en-GB

Canonical

https://stefangroenveld.com/

Translations

de
en

Feeds

Stefan Groenveld – Sports, events and portrait photographer » Feed RSS

Open Graph

url: https://stefangroenveld.com/
title: Stefan Groenveld – Sports, events and portrait photographer
locale: en_GB
site name: Stefan Groenveld – Sports, events and portrait photographer
description: Discover amazing things from unusual angles | Stefan Groenveld – Sports, events and portrait photographer
locale:alternate: de_DE

Technology

Server: nginx
CMS: WordPress

Third-party hosts loaded (4)

stefangroenveld.de×2
gmpg.org×1
norden.social×1
sifa.id×1

DNS records live

NS

cns1.cloudpit.de
cns2.cloudpit.com
cns3.cloudpit.io

MX

10 mail.stefangroenveld.com

Email authentication strong

SPF: v=spf1 a mx include:secure-mailgate.com ~all
softfail (~all)
DMARC: v=DMARC1; p=reject; rua=mailto:postmaster@stefangroenveld.com; ruf=mailto:postmaster@stefangroenveld.com; fo=1; sp=none; adkim=s; aspf=s
policy: reject (enforced) · sp=none
DKIM: no key found at common selectors

Certificate (current)

R13

from 2026-04-24 to 2026-07-23

Expires in 64 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://stefangroenveld.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), xr-spatial-tracking=(), gamepad=(), serial=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://stefangroenveld.de https://player.vimeo.com https://vitals.flyingpress.com 'inline-speculation-rules'; script-src-elem 'self' 'unsafe-inline' data: https://stefangroenveld.de https://player.vimeo.com https://vitals.flyingpress.com https://cdn.visibilitykit.ai; style-src 'self' 'unsafe-inline' https://stefangroenveld.de; img-src 'self' https://stefangroenveld.de https://*.met.vgwort.de https://i.ytimg.com https://vitals.flyingpress.com data:; font-src 'self' data: https://stefangroenveld.de; connect-src 'self' https://stefangroenveld.de https://vitals.flyingpress.com https://api-free.deepl.com https://api.visibilitykit.ai; worker-src 'self' blob:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://odesli.co; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests;
strict-transport-security: max-age=63072000; includeSubDomains
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none; report-to='default'
cross-origin-resource-policy: cross-origin

Links to (1)

stefangroenveld.de×1

Linked from (1)

stefangroenveld.de×1