xploreryachting.com

HTML metadata

Title: Xplorer Yachting | Expedition and explorer yachts
Description: Welcome to the world of Xplorer: a unique blend of luxury superyachts and expedition yachts, where luxury meets limitless adventure.
Language: en
Canonical: https://www.xploreryachting.com/

Open Graph

url: https://www.xploreryachting.com/
title: Xplorer Yachting | Expedition and explorer yachts
description: Welcome to the world of Xplorer: a unique blend of luxury superyachts and expedition yachts, where luxury meets limitless adventure.

Technology

CDN: Azure Front Door
CMS: Next.js

Analytics

Google Tag Manager

Third-party hosts loaded (3)

medialibrary.damen.com×38
recaptcha.net×1
www.googletagmanager.com×1

Social

Contact

Address: Koningsweg, 2, 4380 AB, Vlissingen, Zeeland, NL

Registration

Registrar

MarkMonitor Inc.

Created

2023-11-29

Expires

2027-11-29 558 days left

Updated

2025-10-29

Name servers

ns1-36.azure-dns.com
ns2-36.azure-dns.net
ns3-36.azure-dns.org
ns4-36.azure-dns.info

DNS records live

NS

ns1-36.azure-dns.com
ns2-36.azure-dns.net
ns3-36.azure-dns.org
ns4-36.azure-dns.info

MX

10 xploreryachting-com.mail.protection.outlook.com

TXT

Show 4 TXT records

v=DMARC1; p=quarantine; rua=mailto:dmarc_agg@vali.email
MS=ms21886938
pardot700753=50b271ee7966acb66e3ef562260d9da3fb1bd8388b3d51dc4d74909a8bd7377b
google-site-verification=P_KnVsalUn4MUXD7Vf1cTTTPakqz1Bwa_UsiDNcGfxw

Email authentication weak

SPF: v=spf1 include:spf.protection.outlook.com -all
strict (-all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

GeoTrust TLS RSA CA G1

from 2026-03-01 to 2026-09-02

Expires in 105 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.xploreryachting.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(self), battery=(), camera=(), display-capture=(self), document-domain=("http://localhost:3000" "https://www.amels.com"), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(), unoptimized-images=(), unsized-media=(), usb=(), screen-wake-lock=(self), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'unsafe-inline' 'self' nonce-NjEzMzUyYWQtOGY4Zi00YTU2LTg1NjgtNzEyYzJkN2JhZjA2 strict-dynamic pi.pardot.com app.storyblok.com recaptcha.net www.gstatic.com/recaptcha/ tagmanager.google.com *.googletagmanager.com *.cookie-script.com www.googleadservices.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net cdn.cookie-script.com connect.facebook.net bat.bing.com snap.licdn.com static-exp1.licdn.com content.linkedin.com platform.linkedin.com cdn.leadinfo.net *.ldnfrpl.com *.clarity.ms bat.bing.net; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.licdn.com cdn.leadinfo.net; img-src 'self' data: blob: medialibrary.damen.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.nl googleads.g.doubleclick.net www.google.com google.com pagead2.googlesyndication.com www.facebook.net www.facebook.com bat.bi
strict-transport-security: max-age=31536000; includeSubDomains; preload