indexo.dev

esl.org

.org crawl

First seen 2026-04-13 · Last seen 2026-05-15 · ok HTTP/1.1 200 1260 ms crawled 2026-05-07

US · 34.195.230.152 · AS14618 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

sector finance type homepage

HTML metadata

Title
ESL Federal Credit Union
Description
With outstanding member service, ESL Federal Credit Union provides personal and business banking and wealth management services to the Rochester area.
Language
en
Canonical
https://www.esl.org

Open Graph

url
https://www.esl.org
title
ESL Federal Credit Union
description
With outstanding member service, ESL Federal Credit Union provides personal and business banking and wealth management services to the Rochester area.

Technology

Server
Microsoft-IIS
Analytics
  • Google Tag Manager

Third-party hosts loaded (6)

  • ajax.aspnetcdn.com×3
  • ajax.googleapis.com×2
  • www.googletagmanager.com×2
  • cds-sdkcfg.onlineaccess1.com×1
  • d21y75miwcfqoq.cloudfront.net×1
  • geoip-js.com×1

Social

Contact

Phone
Address
st or Stolen CardSecurity & FraudCurrent RatesCareersCustomer Service585.336.10008

Registration

Registrar
Network Solutions, LLC
Created
1997-04-17
Expires
2029-04-18 1064 days left
Updated
2020-03-04
Name servers
  • ns10.dnsmadeeasy.com
  • ns11.dnsmadeeasy.com
  • ns12.dnsmadeeasy.com
  • ns13.dnsmadeeasy.com
  • ns14.dnsmadeeasy.com
  • ns15.dnsmadeeasy.com

DNS records live

NS
  • ns20.digicertdns.com
  • ns21.digicertdns.com
  • ns22.digicertdns.com
  • ns23.digicertdns.net
  • ns24.digicertdns.net
  • ns25.digicertdns.net
MX
  • 10 mxa-00146102.gslb.pphosted.com
  • 20 mxb-00146102.gslb.pphosted.com
TXT
Show 19 TXT records
  • cisco-ci-domain-verification=7bbea6d8ccffec48ce1d4e7fa77229bb2854637b7b4b4879ea4cdbbf0b849288
  • adobe-idp-site-verification=6f05938dbcb698c493fced051f3e4285acbc4ac4f913959c21100c7c290a9e52
  • docusign=7155994c-6443-434f-ae25-883783078030
  • MS=ms99319205
  • cEeRG9mZ
  • docusign=ebfc8bfe-e72c-4566-a860-1b684caf92fe
  • globalsign-domain-verification=96ivngYOeV_QPfyWExQIPiAa3MQ8IkSQBTCAZoDGJM
  • google-site-verification=7PT0pYPpazh9TKvKoWMu385knJzhRXcxluM76NuhZPU
  • facebook-domain-verification=99tll5lkmzqf875q1cph8ynjz10mf8
  • _gas8tazrehjw383e3zcer7ohnp67w0f
  • duo_sso_verification=32nxiE3l7cCcz5zosbz1TUUSdOMWFsN3N1qxmiI67ig99flFSND9vgMsOvHkept3
  • MS=ms60162781
  • globalsign-domain-verification=8591AEAA2810440DEA2A3DF5FC8D9F5F
  • bw=rPQ1iZD53el7vUgSZ90Bq0ZtcIMREdUZO81ka1Q6MD3H
  • p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpMa/1vGapFghmfMHdTRNXY3vvxYmwXedUyoBEdW96OUTT9fXuIS2Ld2RsOk/LAMnTUXax3fvmqjHzwomxwojyXybGbaNCD2TYBhZAfJ9vxtfCa1z384owJUgsMKs9+ZU8x287MDHWpdwPR+nghpkVWmzsFoxMoQQZwbi5Yz0pfQIDAQAB
  • 6341ed4b-6525-49d1-9e6b-4f374b00d77d
  • 00D5f000005urIQ=1TBRl00000001gr
  • _41i82hhpmfrj3figqttfk71a1nzsj21
  • MS=ms54854713

Email authentication strong

SPF
v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all
softfail (~all)
DMARC
v=DMARC1; p=none; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com
policy: none (monitoring only)
DKIM
Show 4 DKIM selectors
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+EVphcE0DgzkvId2M+oWjjOlCwUfOqi8734KR3tETTvuC3vmcx4AKb/VcCKL/0zQaHJWm8u24gVAkF+ov7R…
  • selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+VLwyGabMuNDda+sFEjQY6dtCN5DtsWVVCGXW5jin57+7+rNE3XRiao3f35cjc47AGIMAe+1SchdATk49Yp…
  • s1: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6lvq65hUYc08erudKjEc4NfX4Inxc1BOFGR1cj8VZZuK4vGRJUkAvqMCchdc3iGWhW3Mbogyv/ZMi4OxbL3rpbP…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDSCIZ+NlIB4ta5ev/aVwWI2iheXi0Rs41o0q/kGzpjQ/rE9JAkd+D+WeUQ4yHAQnhpFd+0CLxoyPRb7llkHpK98…
selectors probed

Certificate (current)

Amazon RSA 2048 M01
from 2025-09-22 to 2026-10-21
Expires in 154 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.esl.org/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; worker-src * 'self' blob:;
strict-transport-security
max-age=63072000; includeSubDomains; preload

Links to (12)

Linked from (4)