vrhm.nl

HTML metadata

Title: Home | Veiligheidsregio Hollands Midden
Language: nl
Generator: Drupal 10 (https://www.drupal.org)
Canonical: https://www.vrhm.nl/node/1

Open Graph

title: Home
site name: Veiligheidsregio Hollands Midden

Technology

CMS: Drupal

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (3)

fonts.googleapis.com×2
fonts.gstatic.com×1
www.googletagmanager.com×1

Social

Contact

Phone

Registration

Registrar

team.blue nl B.V.

Created

2008-07-07

Updated

2024-03-26

Name servers

tosana.ns.cloudflare.com
joan.ns.cloudflare.com

DNS records live

NS

joan.ns.cloudflare.com
tosana.ns.cloudflare.com

MX

5 vrhm-nl.mail.protection.outlook.com

TXT

v=msv1 t=63A33607-EF41-4A3D-9174-224A2E2FD3CB

Verified for

Apple
Google
Microsoft
Microsoft 365

Email authentication strong

SPF

v=spf1 ip4:46.145.3.87 ip4:46.145.3.91 ip4:81.4.77.59 ip4:77.243.229.51 include:spf.protection.outlook.com include:spf.afas.online -all

strict (-all)

DMARC

v=DMARC1; p=reject; pct=100; ruf=mailto:dmarc@vrhm.nl; rua=mailto:b54ba84453054a6085847f4203274408@dmarc-reports.cloudflare.net,mailto:dmarc@vrhm.nl;

policy: reject (enforced)

DKIM

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPesd1FZuF6K9HQUfCVTCZrhWvKl5lhSgcaLMgN+Pb27zw36X9haqrmSjsh3egVIKMfP3WkEgmlq70+iTQm+…
selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5scYuWbOAQlQsB6UDQ4I942HnwJZDXYaYRIH/0gv+ZEYoTXrdclbQq+DgQaLCvX+2SGpA4WguEoLy4…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36

from 2025-09-22 to 2026-09-23

Expires in 114 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.vrhm.nl/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: no-referrer-when-downgrade
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.google.com *.gstatic.com *.scribit.pro *.youtube.com *.svgator.com *.cookiefirst.com *.cloudflare.com *.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net *.cookiefirst.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com data: *.cookiefirst.com *.toegankelijkheidsverklaring.nl *.facebook.com; media-src *.googleapis.com; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.twitter.com *.google.com *.vimeo.com; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data:; connect-src 'self' *.google-analytics.com *.googleapis.com *.scribit.pro *.cookiefirst.com; upgrade-insecure-requests
strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains