indexo.dev

xylohoutpellets.nl

.nl crawl

First seen 2026-05-27 · Last seen 2026-06-01 · ok HTTP/1.1 200 291 ms crawled 2026-05-30

US · 172.67.218.222 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Hout Pellets en hout korrels in alle soorten en maten.
Description
Pellets, pallet, houtpellets en hout korrels voor warme en eerlijke prijzen. Zeer snelle levering en altijd betrouwbaar.
Language
nl
Generator
Powered by Slider Revolution 6.5.3.3 - responsive, Mobile-Friendly Slider Plugin with comfortable drag and drop interface.

Technology

CDN
Cloudflare
CMS
Gatsby 6.5.3.3
Stack
PHP
Analytics
  • Google Tag Manager
Fonts
  • Google Fonts
Social widgets
  • YouTube Embed

Third-party hosts loaded (4)

  • fonts.googleapis.com×5
  • www.googletagmanager.com×2
  • www.youtube.com×2
  • www.google.com×1

Contact

Phone
Address
© Xylo Houtpellets. All Rights Reserved | Realisatie:WebWinkelVisie

DNS records live

NS
  • cruz.ns.cloudflare.com
  • norm.ns.cloudflare.com
MX
  • 10 mailserver.xylohoutpellets.nl
Verified for
  • Google

Email authentication partial

SPF
v=spf1 a mx ip4:46.224.68.29 ip6:2a01:4f8:c014:d872::1 ip4:31.7.1.140 ip4:149.210.149.126 ip4:149.210.177.133 ip4:149.210.176.68 ip6:2a01:7c8:aab5:118::1 ip6:2a01:7c8:aab5:118:5054:ff:fe79:d324 include:_spf.google.com include:_spf.transip.email include:spf.shockmedia.email include:relay.mailchannels.net -all
strict (-all)
DMARC
v=DMARC1; p=none; rua=mailto:postmaster@xylohoutpellets.nl; ruf=mailto:postmaster@xylohoutpellets.nl; sp=quarantine; aspf=s; adkim=s; fo=1;
policy: none (monitoring only) · sp=quarantine
DKIM
  • default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7BFPnKZ8NPlSZBPPxAQqbPVi4Sp8QB/JgUr2ICqWOMzRVEe3MLcXWpwH63Q5UZw1yZjW5oIHfIz1Q1…
selectors probed

Certificate (current)

E7
from 2026-04-07 to 2026-07-06
Expires in 35 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://xylohoutpellets.nl/

present
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://static.dhlecommerce.nl https://fonts.gstatic.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerc

Links to (3)

Linked from (8)