carahsoft.com

HTML metadata

Title: Carahsoft: The Trusted IT Solutions Provider®
Description: As the Master Aggregator™, Carahsoft supports Public & Private Sector customers with selecting & implementing the best IT solutions at the best value.
Language: en
Generator: Concrete CMS
Canonical: https://www.carahsoft.com/

Open Graph

url: https://www.carahsoft.com/
title: Carahsoft: The Trusted IT Solutions Provider®
locale: en_US
site name: Carahsoft
description: As the Master Aggregator™, Carahsoft supports Public & Private Sector customers with selecting & implementing the best IT solutions at the best value.

Technology

CMS: Joomla

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (3)

code.tidio.co×1
fonts.googleapis.com×1
www.googletagmanager.com×1

Social

Contact

Email

Phone

Address

st news, events, and updates.cls-1 { fill: none; stroke: #3155

Registration

Registrar

Omnis Network, LLC

Created

2003-07-03

Expires

2026-07-03 45 days left

Updated

2025-07-04

Name servers

ns11.constellix.com
ns21.constellix.com
ns31.constellix.com
ns41.constellix.net
ns51.constellix.net
ns61.constellix.net

DNS records live

NS

ns11.constellix.com
ns21.constellix.com
ns31.constellix.com
ns41.constellix.net
ns51.constellix.net
ns61.constellix.net

MX

10 mx12.trustedmailservers.com
10 mx13.trustedmailservers.com

Email authentication strong

SPF

v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; rua=mailto:dmarc_agg@vali.email; fo=1; ri=3600

policy: reject (enforced)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBJDo4XQ32BYvjJwGbQ/1/fQ0Nhtyg60YzNK17Ob1hwWTbfyvDBu14Oc4MpvtYQJU0HscPhvDG7sOJ…

selectors probed

Certificate (current)

Go Daddy Secure Certificate Authority - G2

from 2025-09-24 to 2026-10-20

Expires in 154 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.carahsoft.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
missing Referrer Policy

Header values

x-frame-options: SAMEORIGIN, SAMEORIGIN
permissions-policy: fullscreen=(self "https://static.carahsoft.com" "https://www.youtube.com")
x-content-type-options: nosniff
content-security-policy: default-src 'self'; frame-ancestors 'self' https://*.carahsoft.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; report-to csp-endpoint; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.tidio.co https://code.tidio.co https://www.youtube.com https://maps.googleapis.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://linkedin.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://livechat.carahsoft.com https://snap.licdn.com https://cdn.digitalreachagency.com https://cdn.mida.so https://googleads.g.doubleclick.net https://extend.vimeocdn.com; font-src 'self' https://code.tidio.co https://fonts.gstatic.com data:; img-src 'self' https://www.linkedin.com https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com *.carahsoft.com https://px.ads.linkedin.com https://www.google.com https://avatars.tidiochat.com https://tidio-files-prod.s3.eu-west-1.amazona
strict-transport-security: max-age=63072000; includeSubDomains; preload;