byf.org
HTML metadata
Technology
- Server
- nginx
- CMS
- WordPress
- Analytics
-
- Google Tag Manager
- Fonts
-
- Adobe Fonts
Third-party hosts loaded (8)
- www.googletagmanager.com×3
- cdn.jsdelivr.net×2
- unpkg.com×2
- www.youtube.com×2
- cse.google.com×1
- kit.fontawesome.com×1
- tracker.pardot.nccer.org×1
- use.typekit.net×1
Social
Contact
- Phone
Registration
- Registrar
- NameCheap, Inc.
- Created
- 2001-10-21
- Expires
- 2026-10-21 155 days left
- Updated
- 2025-09-26
- Name servers
-
- ns-1430.awsdns-50.org
- ns-1990.awsdns-56.co.uk
- ns-263.awsdns-32.com
- ns-850.awsdns-42.net
DNS records live
- NS
-
- ns-1430.awsdns-50.org
- ns-1990.awsdns-56.co.uk
- ns-263.awsdns-32.com
- ns-850.awsdns-42.net
- TXT
-
google-site-verification=D3zIkkrGS_1SqvqDOu81HvnLowduNo1EM-ln6Kk5nHM9f90p2ljb278jd50sxv2h13cq73p3rxrfacebook-domain-verification=w5jycapy9t4sci3cfehlrz0y458lrj
Email authentication no MX
- SPF
-
v=spf1 -allstrict (-all) - DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
E8
Expires in 75 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing Permissions Policy
Header values
- referrer-policy
no-referrer-when-downgrade- x-content-type-options
nosniff- content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https://ka-p.fontawesome.com https://use.typekit.net https://fonts.gstatic.com; media-src 'self' https: ; img-src 'self' https: ; child-src 'self' https: ; frame-ancestors 'self' https://*.byf.org;- strict-transport-security
max-age=31536000