carilionclinic.org

HTML metadata

Title

Carilion Clinic | Hospitals & Physicians in Virginia | Carilion Clinic

Language

en

Generator

Drupal 10 (https://www.drupal.org)

Canonical

https://www.carilionclinic.org/

Translations

en

Technology

Server: Apache
CMS: Drupal

Analytics

Google Analytics
Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (5)

www.googletagmanager.com×2
fonts.googleapis.com×1
fonts.gstatic.com×1
www.google-analytics.com×1
www.youtube.com×1

Social

Contact

Address: 1 Riverside Circle, 24016, Roanoke, VA, US

Registration

Registrar

Network Solutions, LLC

Created

2006-06-19

Expires

2028-06-19 760 days left

Updated

2026-04-25

Name servers

ns-1445.awsdns-52.org
ns-1011.awsdns-62.net
ns-150.awsdns-18.com
ns-1543.awsdns-00.co.uk

DNS records live

NS

ns-1011.awsdns-62.net
ns-1445.awsdns-52.org
ns-150.awsdns-18.com
ns-1543.awsdns-00.co.uk

MX

10 mxa-00142d01.gslb.pphosted.com
10 mxb-00142d01.gslb.pphosted.com

TXT

Show 11 TXT records

tv2v5wj15p3mybjhdrx7vlgdlrwmytwv
58816e4d986d444c9f34def85cb09c51
_7orbs02gzuy5z0stafuvukuhzya2tkv
_rtwzsvlav1cg7v6eytcww1d3pj698z5
e2ma-verification=17oeb
e2ma-verification=p7bfb
e2ma-verification=ygzbb
ghL9vr+g5sl1JnVRtR714GQt76cGG0IyKM7p+2LEqEodLL1gzBotHO4JMU0WMZDNcEoGfVQhHUi7ZFwNVlsYSA==
pexip-ms-tenant-domain-verification=cb292fd9-23c6-485e-983f-eb1bc7594b08
s11ct4vblct1l95cszd6nzdtlznqnfs8
sWPGkXOBWBxl2V3fcZ2tnlk0n/tOFFMp4kfyx8Nv5RH2AcrjUzaKV7tbQztwNUQz0T9vk3DmvDqBb52ScN9S0Q==

Verified for

Apple
Google
Microsoft 365

Email authentication strong

SPF

v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com

policy: reject (enforced)

DKIM

Show 4 DKIM selectors

k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1I522qaittPYvai8Y5ccrhe0Tt+mO4hpJGH+pHcQEq9AmTSyNwXjVoioNpy3KfHXsR0eU5FEp5i3BnUEP/…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/1enoT8eC0nRibl+v70DHlFA9B4GLhN1a/DdxU05iALEPF/w8RSWZngnzmwfAuS0ONnZV40mf/y6Ox9g8…

selectors probed

Certificate (current)

DigiCert EV RSA CA G2

from 2025-09-08 to 2026-10-09

Expires in 141 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://www.carilionclinic.org/

present

content-security-policy
x-frame-options
x-content-type-options

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net/ cdn.jsdelivr.net/ *.googlesyndication.com/ tagmanager.google.com *.googletagmanager.com/ *.facebook.net/ *.typekit.net/ *.google-analytics.com/ *.lightwidget.com/ *.youtube.com/ *.ytimg.com/ *.lightwidget.com/ fast.fonts.net/ cdn.inspectlet.com/ *.bing.com/ *.gstatic.com/ *.google.com/recaptcha/ maps.googleapis.com/ *.googleadservices.com/ *.clarity.ms unpkg.com/; object-src 'self'; style-src 'self' 'unsafe-inline' fast.fonts.net/ fonts.googleapis.com/ *.googletagmanager.com/; img-src 'self' about: *.google-analytics.com/ *.typekit.net/ *.g.doubleclick.net/ *.googletagmanager.com/ *.carilionclinic.ovidds.com/ *.i.ytimg.com/ *.img.youtube.com/ *.youtube.com/ *.google.com/ *.facebook.com/ *.bing.com/ *.googleapis.com/ *.ytimg.com/ *.flaticon.com *.w3.org/ maps.gstatic.com/ *.clarity.ms/ *.fonts.gstatic.com/ data:; media-src 'self'; frame-src 'self' *.googletagmanager.com/ *.lightwidget.com/ *