epnb.com
HTML metadata
Technology
- Server
- Apache
- CMS
- WordPress
- Analytics
-
- Google Tag Manager
- Ads
-
- Meta Pixel
- Fonts
-
- Adobe Fonts
- Font Awesome
Third-party hosts loaded (10)
- enbepa.banking.apiture.com×3
- api.glia.com×2
- assets.sitescdn.net×2
- maps.googleapis.com×2
- www.googletagmanager.com×2
- cdn.userway.org×1
- connect.facebook.net×1
- use.fontawesome.com×1
- use.typekit.net×1
- www.facebook.com×1
Social
Contact
- Phone
Registration
- Registrar
- Network Solutions, LLC
- Created
- 2004-01-28
- Expires
- 2027-01-28 254 days left
- Updated
- 2021-11-29
- Name servers
-
- ns1.worldnic.com
- ns2.worldnic.com
DNS records live
- NS
-
- ns1.worldnic.com
- ns2.worldnic.com
- MX
-
- 10 mx1.hc5220-75.iphmx.com
- 20 mx2.hc5220-75.iphmx.com
- TXT
-
e2ma-verification=41wbbMS=8905C9A5E5D41DEFADBADD71DF6A064D953B3B87
Email authentication partial
- SPF
-
v=spf1 mx ip4:68.178.203.134 ip4:206.71.80.64 a:documatix.com include:secureserver.net include:%{i}.spf.hc5220-75.iphmx.com include:spf.meridianlink.com include:u19729755.wl006.sendgrid.net include:spfhost.messageprovider.com include:spf.e2ma.net ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=nonepolicy: none (monitoring only) - DKIM
-
Show 4 DKIM selectors
- default:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Aokr8R+4hjYXhuTv9be/GsoarlVCRvbY5qvy0RMvrbsqla5VJTQYVsSBsyXFKV80URmAAkpR6L2aA… - selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyO7brHczDQvqPq51NBfK T6HV4c8RuUqgCQCHg2HFTA0aHo/2AkGa5Kz1n0bNJ0NDp+brd+GecGHbX… - s1:
k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHeDGpevHkF+Ok8R9X5wzbAFqDTld1p17r/E+PMwbqsAaRT1PzcAXsjIRiVXmE3rrKSfKMx81ZhypYEm/B… - s2:
k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHCLzM8O103IQ2E8Jl2o1oa3BUz/ek0PRjgwtLuGO9/+DwLMhyjH0bGDPcfFeX7uwhd2AwXmpnWJqqaL3K…
selectors probed - default:
Certificate (current)
DigiCert EV RSA CA G2
Expires in 56 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
base-uri 'self'; default-src 'none'; img-src 'self' data: http: https: yext.com *.yext.com google.com *.google.com gstatic.com *.gstatic.com tiqcdn.com *.tiqcdn.com answersstatus.pagescdn.com *.pagescdn.com pagescdn.com api.glia.com api.w.org app.loanspq.com assets.sitescdn.net *.sitescdn.net sitescdn.net cdn.userway.org *.userway.org enb.insuranceaisle.com epnb.mymortgage-online.com gateway.fundsxpress.com maps.googleapis.com *.googleapis.com googleapis.com orderpoint.deluxe.com secure.fundsxpress.com *.fontawesome.com fontawesome.com googletagmanager.com *.googletagmanager.com youtube.com *.youtube.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com themes.googleusercontent.com yext.com *.yext.com tealiumiq.com *.tealiumiq.com google.com *.google.com gstatic.com *.gstatic.com tiqcdn.com *.tiqcdn.com answersstatus.pagescdn.com *.pagescdn.com pagescdn.com api.glia.com api.w.org app.loanspq.com assets.sitescdn.net *.sitescdn.net sitescdn.net cdn.userway.org *.userway- strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=10886400; includeSubDomains