creative-capital.org

.org crawl

First seen 2026-04-23 · Last seen 2026-05-14 · ok HTTP/1.1 200 8333 ms crawled 2026-05-17

US · 141.193.213.20 · AS209242 Cloudflare London, LLC

Reputation 89/100 weak security headers dmarc monitor-only

Classifying

HTML metadata

Title: Homepage - Creative Capital
Description: Discover Creative Capital, a nonprofit organization supporting individual artists in all disciplines with grants, career-development resources, and services.
Language: en-US
Canonical: https://creative-capital.org/

Open Graph

url: https://creative-capital.org/
title: Homepage - Creative Capital
locale: en_US
site name: Creative Capital
description: Discover Creative Capital, a nonprofit organization supporting individual artists in all disciplines with grants, career-development resources, and services.

Technology

CDN: Cloudflare
CMS: WordPress

Analytics

Google Tag Manager

Cookie consent

Cookiebot

Social widgets

Vimeo Embed

Third-party hosts loaded (3)

consent.cookiebot.com×1
player.vimeo.com×1
www.googletagmanager.com×1

Social

Contact

Phone

(212) 598-9900

Registration

Registrar

Cloudflare, Inc.

Created

1999-01-11

Expires

2027-01-11 236 days left

Updated

2025-12-17

Name servers

dana.ns.cloudflare.com
woz.ns.cloudflare.com

DNS records live

NS

dana.ns.cloudflare.com
woz.ns.cloudflare.com

MX

Show 7 MX records

10 aspmx.l.google.com
20 alt1.aspmx.l.google.com
20 alt2.aspmx.l.google.com
30 aspmx2.googlemail.com
30 aspmx3.googlemail.com
30 aspmx4.googlemail.com
30 aspmx5.googlemail.com

TXT

Show 4 TXT records

MS=ms25599585
facebook-domain-verification=4qhem34tshqua0bddij9s63z3301xc
google-site-verification=VOIQ9pnGfCV74EM0zp8LGhKkb2DOTBwMnuBKlh0o69w
google-site-verification=rc991wSptxS4Jr4DrQmtVGeODAQbBt7zYbowQUG1Qyw

Email authentication partial

SPF

v=spf1 include:_spf.google.com include:servers.mcsv.net include:_spf.salesforce.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none

policy: none (monitoring only)

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjC3OcBROKCpPeyhTJKC6OGiscg6VPISJQTxoSEInBk5q69U59PNBOG20IoBt5WDfilHG6hrVQN/5Tb…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

WE1

from 2026-04-17 to 2026-07-16

Expires in 58 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://creative-capital.org/

present

content-security-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://flo.uri.sh/ https://public.flourish.studio https://*.uri.sh/ https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.googlesyndication.com https://*.sentry-cdn.com https://*.wistia.com https://*.twitter.com https://*.googleapis.com https://connect.facebook.net https://*.googletagmanager.com https://www.google-analytics.com https://*.linkedin.com https://*.instagram.com https://*.typekit.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.youtube.com https://static.ads-twitter.com https://player.vimeo.com https://snap.licdn.com https://giving.classy.org https://*.classy.org; frame-src blob: https://flo.uri.sh https://public.flourish.studio https://*.uri.sh https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.youtube.com https://player.vimeo.com https://creative-capital.org https://giving.classy.o