visitheuvelrug.com

.com crawl

First seen 2026-06-03 · Last seen 2026-06-03 · ok HTTP/1.1 200 945 ms crawled 2026-06-03

IE · 79.125.126.131 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title

Home | Op de Heuvelrug

Language

Translations

Open Graph

site name: Op de Heuvelrug

Technology

Analytics

Google Tag Manager

Third-party hosts loaded (3)

assets.plaece.nl×2
hello.myfonts.net×1
www.googletagmanager.com×1

Registration

Registrar

Tucows Domains Inc.

Created

2017-05-03

Expires

2027-05-03 332 days left

Updated

2026-04-04

Name servers

auth01-peer.ib.routit.net
auth02-peer.ib.routit.net

DNS records live

NS

auth01-peer.ib.routit.net
auth02-peer.ib.routit.net

Verified for

Google

Email authentication no MX

SPF: not published
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-05-27 to 2026-08-25

Expires in 82 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.visitheuvelrug.com/

present

strict-transport-security
content-security-policy
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection

Header values

referrer-policy: strict-origin-when-cross-origin
permissions-policy: geolocation=*, autoplay=*, accelerometer=(), camera=(), microphone=(), usb=(), gyroscope=(), magnetometer=()
x-content-type-options: nosniff
content-security-policy: default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content; connect-src * blob:; font-src https:; frame-ancestors 'self' https://preview.plaece.nl; frame-src *; img-src https: data: blob:; media-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src https: blob:
strict-transport-security: max-age=315360000