croa.org

.org crawl

First seen 2026-05-29 · Last seen 2026-05-31 · ok HTTP/1.1 200 2794 ms crawled 2026-05-31

US · 132.148.180.49 · AS398101 GoDaddy.com, LLC

Reputation 95/100 weak security headers

sector other type landing page

HTML metadata

Title

Home - CROA

Language

lang=

Generator

WordPress 6.9.4

Canonical

https://www.croa.org/

Feeds

CROA » Home Comments Feed RSS

Open Graph

url: https://www.croa.org/
title: Home - CROA
locale: en_US
site name: CROA
description: Welcome to the online headquarters of the Colorado River Outfitters Association (CROA), your premier resource for information about commercial river rafting in the state of Colorado. CROA is a trade association representing approximately 45 licensed professional river rafting outfitters who specialize in providing outstanding outdoor adventures for families and individuals of all tastes and capabilities. […]

Technology

Server: Apache
CMS: WordPress 6.9.4
PHP: 8.2.30 security-only
jQuery: 6.9.4

Fonts

Google Fonts

Third-party hosts loaded (2)

cdnjs.cloudflare.com×3
fonts.googleapis.com×3

Social

DNS records live

NS

ns19.domaincontrol.com
ns20.domaincontrol.com

MX

0 croa-org.mail.protection.outlook.com

TXT

v=verifydomain MS=5008286

Email authentication partial

SPF

v=spf1 include:secureserver.net include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=reject rua=mailto:admin@croa.org; ruf=mailto:admin@croa.org

no policy tag

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeLHFxr/HAN/vqKK1WidtZwgNke1dIN+/CFlTFenOcCGZ785X1juu+lV4N2nAQMFekb5BKiHjAV/DV…

selectors probed

Certificate (current)

Starfield Secure Certificate Authority - G2

from 2025-07-01 to 2026-08-02

Expires in 56 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 35/100 Checked live page: https://www.croa.org/

present

permissions-policy

findings

missing HSTS
missing Content Security Policy
missing frame protection
missing content type protection
missing Referrer Policy

Header values

permissions-policy: private-state-token-redemption=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com"), private-state-token-issuance=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com")

Links to (3)

Linked from (1)

shoprma.com×1

Use this data via API

Everything on this page for croa.org is available as JSON from the indexo.dev REST & MCP API.

curl "https://indexo.dev/api/v1/domains/croa.org" \
  -H "X-API-Key: idx_..."

Read the docs & get a free key →