candid.inc

.inc user

First seen 2026-05-12 · Last seen 2026-05-12 · ok HTTP/1.1 200 949 ms crawled 2026-05-12

US · 35.209.0.180 · AS15169 Google LLC

Reputation 92/100 no dmarc policy

sector finance type homepage

HTML metadata

Title

CANDID - For the Modern Loan Originator

Description

CANDID is the only mortgage marketing and sales ecosystem built for the Modern Loan Originator to help grow their $100m/year business.

Language

en-US

Generator

WordPress 6.9.4

Canonical

https://candid.inc/

Feeds

CANDID APP » Feed RSS
CANDID APP » Comments Feed RSS

Open Graph

url: https://candid.inc/
title: CANDID - For the Modern Loan Originator
locale: en_US
site name: CANDID APP
description: CANDID is the only mortgage marketing and sales ecosystem built for the Modern Loan Originator to help grow their $100m/year business.

Technology

Server: nginx
CMS: WordPress

Analytics

Google Tag Manager

Fonts

Font Awesome
Google Fonts

Third-party hosts loaded (6)

fonts.googleapis.com×2
www.google.com×2
fonts.gstatic.com×1
gmpg.org×1
use.fontawesome.com×1
www.googletagmanager.com×1

Social

Contact

Email

Registration

Registrar

Go Daddy, LLC

Created

2022-12-15

Expires

2026-12-15 209 days left

Updated

2026-02-20

Name servers

ns05.domaincontrol.com
ns06.domaincontrol.com

DNS records live

NS

ns05.domaincontrol.com
ns06.domaincontrol.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

Show 4 TXT records

google-site-verification=pLQcF3I-Av69SxosjvTWc3IZ-DuTYMvOgbMxcTeFsyY
google-site-verification=NXH2UFX_Gl0Pl9iXEvgJqjhlH1r6Qb1-tKwRvkra7jk
google-site-verification=41Ud1PJKdd2hfiv6KTu0DTO-vMpAnVL6YXZbYnMsbqk
google-site-verification=8SL7iigvyrjmY1KVC1b7upj7Jj-eZNwqHriWb534vdQ

Email authentication weak

SPF: v=spf1 include:dc-aa8e722993._spfm.candid.inc ~all
softfail (~all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-04-18 to 2026-07-17

Expires in 58 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 50/100 Checked live page: https://candid.inc/

present

content-security-policy
x-frame-options

findings

missing HSTS
CSP uses wildcard sources
weak frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: ALLOW-FROM https://support.candid.inc
content-security-policy: frame-ancestors 'self' https://candidcrm.com https://support.candid.inc https://candidcrm.cloudforce.com https://*.salesforce.com; img-src 'self' data: blob: https://cdn.loom.com https://candidcrm.com https://candid.inc https://support.candid.inc https://candidcrm.cloudforce.com;