indexo.dev

thomann.nl

.nl crawl

First seen 2026-05-30 · Last seen 2026-05-31 · ok HTTP/1.1 200 724 ms crawled 2026-05-31

DE · 212.204.75.160 · AS8767 M-net Telekommunikations GmbH

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
Koop muziekinstrumenten online bij de marktleider – Thomann Nederland
Description
Koop uw nieuwe muziekinstrument en accessoires online bij de grootste muziekwinkel van Europa. Topkwaliteit en variatie bij Thomann
Language
nl
Canonical
https://www.thomann.nl
Translations
  • en ×7
  • de ×3
  • fr ×2
  • cs
  • da
  • es
  • fi
  • hu
  • it
  • nl
  • pl
  • pt
  • ro
  • sv

Open Graph

url
https://www.thomann.nl
title
Thomann - Welkom thuis!
locale
nl_NL
site name
Musikhaus Thomann
description
Ontdek alles over muziekinstrumenten, studio-apparatuur, verlichting en PA-apparatuur – de meest populaire merken, betaalbare alternatieven en vele kosteloze extra's voor muzikanten.

Technology

CDN
Cloudflare
CMS
Gatsby
Analytics
  • Google Tag Manager
Third-party hosts loaded (20)
  • fast-images.static-thomann.de×142
  • thumbs.static-thomann.de×24
  • www.thomann.de×7
  • images.static-thomann.de×2
  • www.thomannmusic.com×2
  • www.googletagmanager.com×1
  • www.thomann.ae×1
  • www.thomann.at×1
  • www.thomann.co.uk×1
  • www.thomann.dk×1
  • www.thomann.es×1
  • www.thomann.fr×1
  • www.thomann.it×1
  • www.thomann.pl×1
  • www.thomann.pt×1
  • www.thomann.ro×1
  • www.thomann.se×1
  • www.thomannmusic.ch×1
  • www.thomannmusic.hu×1
  • www.thomannmusic.no×1

Social

DNS records live

NS
  • a.ns14.net
  • b.ns14.net
  • c.ns14.net
  • d.ns14.net
Verified for
  • Google

Email authentication no MX

SPF
not published
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

RapidSSL TLS RSA CA G1
from 2026-03-02 to 2026-09-17
Expires in 108 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.thomann.nl/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.thomann.nl *.thomann.de app.storyblok.com connect.facebook.net analytics.tiktok.com *.adform.net www.google-analytics.com sc-static.net s.pinimg.com www.youtube.com challenges.cloudflare.com *.payments-amazon.com www.googleadservices.com userlike-cdn-umm.b-cdn.net bat.bing.com www.googletagmanager.com www.googletagservices.com tr.snapchat.com ct.pinterest.com js.appboycdn.com *.g.doubleclick.net widgets.trustedshops.com tpc.googlesyndication.com *.clarity.ms cdn.avo.app maps.googleapis.com pagead2.googlesyndication.com ep2.adtrafficquality.google www.paypal.com; frame-src 'self' *.thomann.nl *.thomann.de *.g.doubleclick.net *.safeframe.googlesyndication.com challenges.cloudflare.com ct.pinterest.com td.doubleclick.net tpc.googlesyndication.com tr.snapchat.com www.facebook.com www.google.com www.youtube-nocookie.com www.googletagmanager.com ep2.adtrafficquality.google www.paypal.com; frame-ancestors 'self' app.storyblok.com; object-src '

Links to (8)

Linked from (1)