View Security Headers


View Security Headers	Enter a domain:	From March 18, 2025 - safe rewrite redirect - defense-in-depth with "always" - Lookup Hosting Tool - Issues on GitHub - Insight at janwillemstegink.nl
Category	Header	IPv4 without www in 0.6 seconds	IPv6 without www in 0.6 seconds	IPv4 with www in 0.4 seconds	IPv6 with www in 0.4 seconds
Port	port 80	52.223.51.112 35.71.165.93	2600:9000:a613:5c38:ca1e:5bed:bd6b:280a 2600:9000:a71f:7df9:2b27:c4a0:f8e4:fc1e	52.223.51.112 35.71.165.93	2600:9000:a613:5c38:ca1e:5bed:bd6b:280a 2600:9000:a71f:7df9:2b27:c4a0:f8e4:fc1e
Client URL	http:// curl (error)	52.223.51.112 OK	2600:9000:a613:5c38:ca1e:5bed:bd6b:280a OK	52.223.51.112 OK	2600:9000:a613:5c38:ca1e:5bed:bd6b:280a OK
General	http:// HTTP code	301	301	301	301
General	http:// rewritten URL	safe to https://gelderland.nl:443/	safe to https://gelderland.nl:443/	safe to https://www.gelderland.nl:443/	safe to https://www.gelderland.nl:443/
General	http:// effective URL	https://www.gelderland.nl/	https://www.gelderland.nl/	https://www.gelderland.nl:443/	https://www.gelderland.nl:443/
General	http:// HTTP protocol	HTTP/1.1 301 Moved Permanently	HTTP/1.1 301 Moved Permanently	HTTP/1.1 301 Moved Permanently	HTTP/1.1 301 Moved Permanently
General	http:// server	awselb/2.0	awselb/2.0	awselb/2.0	awselb/2.0
Port	port 443	52.223.51.112 35.71.165.93	2600:9000:a613:5c38:ca1e:5bed:bd6b:280a 2600:9000:a71f:7df9:2b27:c4a0:f8e4:fc1e	52.223.51.112 35.71.165.93	2600:9000:a613:5c38:ca1e:5bed:bd6b:280a 2600:9000:a71f:7df9:2b27:c4a0:f8e4:fc1e
Client URL	https:// curl (error)	52.223.51.112 OK	2600:9000:a613:5c38:ca1e:5bed:bd6b:280a OK	52.223.51.112 OK	2600:9000:a613:5c38:ca1e:5bed:bd6b:280a OK
General	https:// HTTP code	301	301	200	200
General	https:// effective URL	https://www.gelderland.nl/	https://www.gelderland.nl/	https://www.gelderland.nl/	https://www.gelderland.nl/
General	https:// HTTP protocol	HTTP/2 301	HTTP/2 301	HTTP/2 200	HTTP/2 200
General	https:// server	nginx	nginx	nginx	nginx
General	date	Sun, 22 Feb 2026 21:09:23 GMT	Sun, 22 Feb 2026 21:09:23 GMT	Sun, 22 Feb 2026 21:09:24 GMT	Sun, 22 Feb 2026 21:09:24 GMT
General	content type	text/html	text/html	text/html; charset=utf-8	text/html; charset=utf-8
Server Disclosure Headers	X-Powered-By - header			Next.js	Next.js
Server Disclosure Headers	X-Powered-By - body
Strict Transport & Connection Security	HTTP Public-Key-Pinning (HPKP) - obsolete
Strict Transport & Connection Security	HTTP Strict-Transport-Security (HSTS)	max-age=31536000; includeSubdomains;	max-age=31536000; includeSubdomains;	max-age=31536000; includeSubdomains;	max-age=31536000; includeSubdomains;
Content Restrictions & Injection Protection	Content-Security-Policy (CSP)	default-src * data: 'unsafe-eval' 'unsafe-inline' 'self' gelderland.bbvms.com d2por9cp9kn8i4.cloudfront.net .bluebillywig.com blob:; frame-ancestors 'self' archiefweb.eu .archiefweb.eu .gelderland.bbvms.com .vimeo.com .custhelp.com .gelderland.nl .gelderland-dev.nl; script-src 'unsafe-eval' 'unsafe-inline' 'self' .gstatic.com siteimproveanalytics.com .readspeaker.com gelderland.bbvms.com cdn.bluebillywig.com .youtube.com .googletagmanager.com .vimeo.com .userback.io .custhelp.com *.....	default-src * data: 'unsafe-eval' 'unsafe-inline' 'self' gelderland.bbvms.com d2por9cp9kn8i4.cloudfront.net .bluebillywig.com blob:; frame-ancestors 'self' archiefweb.eu .archiefweb.eu .gelderland.bbvms.com .vimeo.com .custhelp.com .gelderland.nl .gelderland-dev.nl; script-src 'unsafe-eval' 'unsafe-inline' 'self' .gstatic.com siteimproveanalytics.com .readspeaker.com gelderland.bbvms.com cdn.bluebillywig.com .youtube.com .googletagmanager.com .vimeo.com .userback.io .custhelp.com *.....	default-src * data: 'unsafe-eval' 'unsafe-inline' 'self' gelderland.bbvms.com d2por9cp9kn8i4.cloudfront.net .bluebillywig.com blob:; frame-ancestors 'self' archiefweb.eu .archiefweb.eu .gelderland.bbvms.com .vimeo.com .custhelp.com .gelderland.nl .gelderland-dev.nl; script-src 'unsafe-eval' 'unsafe-inline' 'self' .gstatic.com siteimproveanalytics.com .readspeaker.com gelderland.bbvms.com cdn.bluebillywig.com .youtube.com .googletagmanager.com .vimeo.com .userback.io .custhelp.com *.....	default-src * data: 'unsafe-eval' 'unsafe-inline' 'self' gelderland.bbvms.com d2por9cp9kn8i4.cloudfront.net .bluebillywig.com blob:; frame-ancestors 'self' archiefweb.eu .archiefweb.eu .gelderland.bbvms.com .vimeo.com .custhelp.com .gelderland.nl .gelderland-dev.nl; script-src 'unsafe-eval' 'unsafe-inline' 'self' .gstatic.com siteimproveanalytics.com .readspeaker.com gelderland.bbvms.com cdn.bluebillywig.com .youtube.com .googletagmanager.com .vimeo.com .userback.io .custhelp.com *.....
Content Restrictions & Injection Protection	X-Content-Type-Options	nosniff	nosniff	nosniff	nosniff
Content Restrictions & Injection Protection	X-XSS-Protection - deprecated but used	1; mode=block	1; mode=block	1; mode=block	1; mode=block
Cross-Origin & Embedding Security	X-Frame-Options
Cross-Origin & Embedding Security	Cross-Origin-Embedder-Policy (COEP)
Cross-Origin & Embedding Security	Cross-Origin-Opener-Policy (COOP)
Cross-Origin & Embedding Security	Cross-Origin-Resource-Policy (CORP)
Cross-Origin & Embedding Security	Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin & Embedding Security	Cross-Origin-Opener-Policy-Report-Only
Cross-Origin & Embedding Security	Cross-Origin-Resource-Policy-Report-Only
Feature & Permissions Control	Feature-Policy - not for use anymore
Feature & Permissions Control	Permissions-Policy
Referrer & Privacy Control	Referrer-Policy	no-referrer-when-downgrade	no-referrer-when-downgrade	no-referrer-when-downgrade	no-referrer-when-downgrade
Certificate & Caching Security	Expect-CT (Certificate Transparency) - old
Certificate & Caching Security	Cache-Control			s-maxage=60, stale-while-revalidate=31535940	s-maxage=60, stale-while-revalidate=31535940
Certificate & Caching Security	Pragma