bostonherald.com

HTML metadata

Title

Boston Herald - Boston news, sports, politics, opinion, entertainment, weather and obituaries

Description

The Boston Herald is the leading source of breaking news, local news, sports, politics, entertainment, opinion and weather in Boston, Massachusetts.

Language

en-US

Generator

WordPress 6.9.4

Canonical

https://www.bostonherald.com

Feeds

Boston Herald » Feed RSS
Boston Herald » Comments Feed RSS

Open Graph

url: https://www.bostonherald.com
title: Boston Herald
locale: en_US
site name: Boston Herald
description: Boston news, sports, politics, opinion, entertainment, weather and obituaries

Technology

Server: nginx
CMS: WordPress

Analytics

Google Tag Manager

Cookie consent

Osano

Fonts

Google Fonts

Third-party hosts loaded (20)

fonts.googleapis.com×3
htlbid.com×3
ajax.googleapis.com×2
applepay.cdn-apple.com×2
cdn.jsdelivr.net×2
cdn.parsely.com×2
cdn.sophi.io×2
cmp.osano.com×2
prodmg2.blob.core.windows.net×2
stats.wp.com×2
accounts.google.com×1
ads.digitalfirstmedia.com×1
cdn.auth0.com×1
cdn.cityspark.com×1
cdn.p-n.io×1
delivery.revcontent.com×1
fonts.gstatic.com×1
v0.wordpress.com×1
wp.me×1
www.googletagmanager.com×1

Registration

Registrar

Network Solutions, LLC

Created

1995-05-18

Expires

2029-05-19 1095 days left

Updated

2023-03-23

Name servers

ns-1284.awsdns-32.org
ns-1671.awsdns-16.co.uk
ns-442.awsdns-55.com
ns-560.awsdns-06.net

DNS records live

NS

ns-1284.awsdns-32.org
ns-1671.awsdns-16.co.uk
ns-442.awsdns-55.com
ns-560.awsdns-06.net

MX

1 aspmx.l.google.com
10 aspmx2.googlemail.com
10 aspmx3.googlemail.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

Show 28 TXT records

l33i9ps6uk6nrl89kmadg4ms3d
globalsign-domain-verification=273eFvKCuCXR3P_oKS85yffiPwBPz0qc1fEV1-x8Aq
_globalsign-domain-verification=0TyIZcbLmgSwoVohQ9GWaLbZq22eAkpviTlcN7JXo3
MS=ms21250230
fastly-domain-delegation-9nsahenmm4tc7tun301132-10222020
kfp69nllfvshhafsbljbfme44i
facebook-domain-verification=hq96wjcdmhg1tk04cbn4oskwav25ms
google-site-verification=Zqn7EGKyN7Y0JJ-QJJXxc6LjGVR6e7lmezMi7Ufi1RE
google-site-verification=E5l3r3nZw9-UXb6oKYryML7tgY21_zJMhZIsCegUhpY
17vm7b9n6t7l4r697abed5mt5j
ospjbbu0ev5n4h3o9t5hkn0f4m
jfdqhph4a6a54ncg42nmbu76mq
11d79fi8pjm1nav7fdd6elvgao
MS=086F64F04387D9E1068D1435CFC881F3E9225BC6
knowbe4-site-verification=a9ce6449edf2d51c41eed1f3517d26f9
tollbit-domain-verification=51bbc1c7d387d5298356058e8a1f328a81ec606aaee0664c6542db7921e03116
ca3-c607b2cf0846448ba5720feb55d26f82
google-site-verification=rlrpckrduV71g0stKuRh9CvmhvNTG6v0s0l1UBrMkZc
llib6qvjasng0m5c7562bvdl78
mt-68081482
uqnitusg0scqhg3ts7mrv2s2rj
da5u0pnnni3vdpidmpdqa9gr47
aslt820givt06ua5qjmkutdm4b
a9013qb3gu938gm4tm2gu38bmm
cc8m79fek565srp0t8n2ul6gao
_globalsign-domain-verification=O81xyb7YxpdGeHWkniit_VBT4vTXz9__NFrNMoTwFg
k1f6d3u4rfoq2mtthlc2342pec
mmtu7tjdac6nlqf55pomh3jsligr099ncutm05acs8osr5os84u2

Email authentication partial

SPF

v=spf1 mx ip4:54.235.217.16 ip4:204.137.12.0/24 ip4:209.166.154.206 include:_spf.google.com include:_spf.mnginteractive.com include:amazonses.com include:turbo-smtp.com -all

strict (-all)

DMARC

v=DMARC1; p=none; pct=100

policy: none (monitoring only)

DKIM

s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZ9x1jzUNAcglU3clDtWOoAdsUwJUvxu0VBiyhQDM95789BlhzTisQyg31s7bQxWBgSpIhpKnb1dQBjTGd…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCiERgp4gp/3wYoYqsIJVFRh/6oFTxkRNrlf9nTUuWk7eO977a9GBso8arcAlmoCs+P6T+40f0zrvoFr/B3HQplE…

selectors probed

Certificate (current)

E8

from 2026-04-12 to 2026-07-11

Expires in 52 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://www.bostonherald.com/

present

strict-transport-security
content-security-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: *.visualwebsiteoptimizer.com; style-src 'unsafe-inline' https: *.visualwebsiteoptimizer.com app.vwo.com; img-src data: https: blob: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io; font-src data: https:; connect-src https: data: blob: *.visualwebsiteoptimizer.com app.vwo.com; media-src blob: data: https:; object-src https:; child-src https: data: blob: 'self' *.visualwebsiteoptimizer.com app.vwo.com; upgrade-insecure-requests; block-all-mixed-content;
strict-transport-security: max-age=31536000;includeSubdomains