cityofarcata.org
cityofarcata.org
HTML metadata
Technology
- jQuery
- 1.11.2 known XSS (<3.5)
- Stack
- ASP.NET
- Social widgets
-
- YouTube Embed
Third-party hosts loaded (4)
- docaccess.com×1
- www.facebook.com×1
- www.instagram.com×1
- www.youtube.com×1
Contact
- Phone
Registration
- Registrar
- GoDaddy.com, LLC
- Created
- 2006-10-18
- Expires
- 2026-10-18 150 days left
- Updated
- 2025-12-02
- Name servers
-
- ns51.domaincontrol.com
- ns52.domaincontrol.com
DNS records live
- NS
-
- ns51.domaincontrol.com
- ns52.domaincontrol.com
- MX
-
- 10 d201015a.ess.barracudanetworks.com
- 20 d201015b.ess.barracudanetworks.com
- TXT
-
v=verifydomain MS=4566631
- Verified for
-
- Apple
Email authentication strong
- SPF
-
v=spf1 include:spf.ess.barracudanetworks.com include:arcatapd.org ip4:66.118.223.40 -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; rua=mailto:dmarc@cityofarcata.org;policy: reject (enforced) - DKIM
-
- k2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed - k2:
Certificate (current)
R13
Expires in 62 days
HTTP security headers
- present
-
- content-security-policy
- x-content-type-options
- findings
-
- missing HSTS
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-content-type-options
nosniff- content-security-policy
frame-ancestors 'self' https://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data: blob:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src *