tango.nl

HTML metadata

Title

Tango – Slim tanken, laden en besparen onderweg | Tango

Description

Profiteer van gemak en voordeel bij Tango. Tanken of laden doe je 24/7, met scherpe prijzen, extra’s via de app en meer dan 190 locaties in Nederland

Language

nl

Canonical

https://www.tango.nl

Translations

nl

Open Graph

title: Tango – Slim tanken, laden en besparen onderweg | Tango
description: Profiteer van gemak en voordeel bij Tango. Tanken of laden doe je 24/7, met scherpe prijzen, extra’s via de app en meer dan 190 locaties in Nederland

Technology

CDN: Cloudflare
CMS: Next.js

Third-party hosts loaded (1)

policy.app.cookieinformation.com×1

Social

DNS records live

NS

eric.ns.cloudflare.com
kate.ns.cloudflare.com

MX

5 tango-nl.mail.protection.outlook.com

Verified for

Google

Email authentication strong

SPF

v=spf1 include:mail.zendesk.com include:spf.tmes.trendmicro.com include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; pct=100; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com; fo=1; aspf=r; adkim=r;

policy: quarantine

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxbpi0QjqhizWJGGkxAGa53eeoSu1n3+8pQ0dN5c/D6VYAUj6+Mk5bn59O1LczA7Vr8uH04G0b2acC…

selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36

from 2026-01-29 to 2027-02-28

Expires in 270 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.tango.nl/

present

strict-transport-security
content-security-policy
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection

Header values

referrer-policy: strict-origin-when-cross-origin
permissions-policy: geolocation=(self), fullscreen=(self "https://www.youtube-nocookie.com"), autoplay=(self), picture-in-picture=(self "https://www.youtube-nocookie.com")
x-content-type-options: nosniff
content-security-policy: default-src 'self'; frame-ancestors https://app.storyblok.com; script-src 'self' 'unsafe-inline' https://app.storyblok.com https://*.cookieinformation.com https://*.googleapis.com https://*.google.com https://*.google.be https://www.gstatic.com https://q8.containers.piwik.pro https://www.googletagmanager.com https://connect.facebook.net https://snap.licdn.com https://*.doubleclick.net https://*.bing.com https://*.bing.net https://*.xing.com https://*.leadinfo.net https://*.leadinfo.com https://*.lfeeder.com https://*.leadfeeder.com; img-src 'self' https://*.q8.be https://*.q8.lu https://*.q8truck.com https://*.tango.nl https://*.storyblok.com https://support.q8.be https://support.tango.nl https://*.googleapis.com https://*.gstatic.com https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.google.be https://*.doubleclick.net https://*.bing.com https://*.bing.net https://*.xing.com https://*.leadinfo.net https://*.leadinfo.com https://*.lfeeder.com https://*.leadfee
strict-transport-security: max-age=31536000; includeSubDomains; preload