careoregonadvantage.org

HTML metadata

Title: CareOregon Advantage - Home
Description: CareOregon Advantage has information for current and prospective members who are eligible for Medicare and Medicaid (Oregon Health Plan) in Oregon
Language: en
Generator: Sitefinity 15.2.8426.0 DX
Canonical: https://www.careoregonadvantage.org

Open Graph

url: https://www.careoregonadvantage.org
title: CareOregon Advantage - Home
site name: CareOregon Advantage
description: CareOregon Advantage has information for current and prospective members who are eligible for Medicare and Medicaid (Oregon Health Plan) in Oregon

Technology

Server: Microsoft-IIS

Analytics

Google Tag Manager

Fonts

Adobe Fonts

Third-party hosts loaded (4)

careoregon.org×2
ajax.googleapis.com×1
use.typekit.net×1
www.googletagmanager.com×1

Social

Contact

Phone

Registration

Registrar

GoDaddy.com, LLC

Created

2005-08-26

Expires

2027-08-26 462 days left

Updated

2024-06-10

Name servers

pdns09.domaincontrol.com
pdns10.domaincontrol.com

DNS records live

NS

pdns09.domaincontrol.com
pdns10.domaincontrol.com

MX

0 careoregonadvantage-org.mail.protection.outlook.com

TXT

Show 4 TXT records

6jhb72ddv65u63eq1ab5o2auns
lre6u7ord61apjnneel0s9kuc0
l8q9sh457sb8lbs0k7nt1ror1q
t1ba95aee825r9eavo0c7mo9j0

Verified for

GlobalSign
Microsoft 365

Email authentication weak

SPF: v=spf1 include:spf.protection.outlook.com -all
strict (-all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

Go Daddy Secure Certificate Authority - G2

from 2026-05-04 to 2026-11-18

Expires in 182 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://careoregonadvantage.org/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: no-referrer-when-downgrade
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
x-content-type-options: nosniff
content-security-policy: default-src 'self' translate-pa.googleapis.com https://translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0 cdnjs.cloudflare.com api.brightedge.com dev-iis-app-01.careoregon.org *.audioeye.com anlalytics.audioeye.com forms.housecallproviders.org wsv3cdn.audioeye-services.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com translate.google.com/translate_a/element.js 'unsafe-inline' 'unsafe-eval' https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com code.jquery.com ajax.googleapis.com https
strict-transport-security: max-age=31536000
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin

Links to (6)

Linked from (1)

careoregon.org×2