indexo.dev

carnegie.no

.no crawl

First seen 2026-05-20 · Last seen 2026-05-30 · ok HTTP/1.1 200 5288 ms crawled 2026-05-27

DE · 172.104.148.24 · AS63949 Akamai Connected Cloud

Reputation 100/100

Classifying

HTML metadata

Title
Start - Carnegie Norway
Language
en-GB
Canonical
https://www.carnegie.no/

Open Graph

url
https://www.carnegie.no/
title
Start - Carnegie Norway
locale
en_GB
site name
Carnegie Norway

Technology

Server
nginx
CMS
WordPress
jQuery
3.7.1
Analytics
  • Google Tag Manager

Third-party hosts loaded (3)

  • cdn.cookie-script.com×2
  • browser.sentry-cdn.com×1
  • www.googletagmanager.com×1

Registration

Registrar
Domeneshop AS
Created
2025-09-29
Updated
2025-09-29
Name servers
  • ns1.p201.dns.oraclecloud.net
  • ns2.p201.dns.oraclecloud.net
  • ns3.p201.dns.oraclecloud.net
  • ns4.p201.dns.oraclecloud.net

DNS records live

NS
  • ns1.p201.dns.oraclecloud.net
  • ns2.p201.dns.oraclecloud.net
  • ns3.p201.dns.oraclecloud.net
  • ns4.p201.dns.oraclecloud.net
MX
  • 10 mxa-00588c01.gslb.pphosted.com
  • 10 mxb-00588c01.gslb.pphosted.com
TXT
  • _lmzg39vsxzu2akfmvhy4zh7nlsu81y2
  • 328e94b9c8cc5d604a89884ddbf2b5cc35314ae380b28080e6d16f0e75b54a8d
  • li9WkUMYLE3MfhgSgAKojmSpmrVsPwAaVLuFMDN3YhT1xU5Veddg+iEZJIlaOwGzEh1mshKqtdEnEdHx5SaOSQ==
Verified for
  • Google
  • Microsoft 365

Email authentication strong

SPF
v=spf1 ip4:192.176.133.70 ip4:192.176.136.197 ip4:81.175.23.100 ip4:194.14.70.91 ip4:194.14.70.92 ip4:172.67.161.126 ip4:104.21.66.154 include:spf.protection.outlook.com ip4:193.182.104.28/31 include:_spf-dc33.sapsf.eu include:mailgun.org include:smtp.fenistra.no include:spf-00588c01.pphosted.com -all
strict (-all)
DMARC
v=DMARC1; p=reject; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com,mailto:phishing@dnb.no
policy: reject (enforced)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHkfmpaXizasP2TkmUVtc90jAvmPZ8XWYhH6BhKWZveqlo4fEcoc1Of3M+edsyfhBo4R/ZHJrPpGwRvRlrQ3…
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
selectors probed

Certificate (current)

DigiCert Global G2 TLS RSA SHA256 2020 CA1
from 2026-01-19 to 2027-01-20
Expires in 231 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.carnegie.no/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • weak frame protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
DENY;
x-content-type-options
nosniff
content-security-policy
default-src 'self' dnbcarnegie.com www.dnbcarnegie.com;connect-src 'self' www.google-analytics.com analytics.google.com consent.cookie-script.com sentry.frojd.se stats.g.doubleclick.net www.google.se www.google.dk www.google.no www.google.co.uk www.google.fi *.dynamics.com *.azureedge.net *.microsoft.com widget.datablocks.se hub.mfn.se pagead2.googlesyndication.com www.google.com googleads.g.doubleclick.net;script-src 'self' blob: 'unsafe-inline' cdn.cookie-script.com code.jquery.com www.googletagmanager.com www.google-analytics.com www.youtube.com browser.sentry-cdn.com www.google.com www.gstatic.com connect.facebook.net *.dynamics.com *.azureedge.net *.microsoft.com report.cookie-script.com widget.datablocks.se www.googleadservices.com;style-src 'self' 'unsafe-inline' translate.googleapis.com;frame-src 'self' www.googletagmanager.com w.soundcloud.com vimeo.com player.vimeo.com www.youtube.com www.google.com *.dynamics.com td.doubleclick.net;img-src 'self' www.google.se www.google-ana
strict-transport-security
max-age=31536000;

Links to (7)

Linked from (6)