indexo.dev

esv.org

.org crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 1885 ms crawled 2026-05-07

US · 34.231.140.119 · AS14618 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
ESV.org
Language
en

Open Graph

site name
ESV Bible

Technology

Server
nginx
CMS
Gatsby
Analytics
  • Google Tag Manager

Third-party hosts loaded (4)

  • dch8lckz6x8ar.cloudfront.net×20
  • cdn.fonts.net×1
  • www.facebook.com×1
  • www.googletagmanager.com×1

Registration

Registrar
Tucows Domains Inc.
Created
2001-01-25
Expires
2030-01-25 1346 days left
Updated
2025-02-20
Name servers
  • ns2.crossway.org
  • ns1.crossway.org
  • ns3.crossway.org

DNS records live

NS
  • ns1.crossway.org
  • ns2.crossway.org
  • ns3.crossway.org
MX
  • 10 aspmx.l.google.com
  • 20 alt1.aspmx.l.google.com
  • 20 alt2.aspmx.l.google.com
  • 30 aspmx2.googlemail.com
  • 30 aspmx3.googlemail.com
TXT
  • apple-domain-verification=rPOSMvlsMNl1Q9TIuLq46yoq1fgv8fUsuy125oaM-kU
  • gm1wlpmsg5cbt1fgv38821fd7ry3jdxq
  • ys858vvl88zktdg8fnkz3fxptfspb26y

Email authentication partial

SPF
v=spf1 include:_spf.crossway.org ~all
softfail (~all)
DMARC
v=DMARC1; p=none; rua=mailto:dmarc-reports@esv.org,mailto:dmarc@crossway.uriports.com; ruf=mailto:dmarc-reports@esv.org,mailto:dmarc@crossway.uriports.com; fo=1:d:s
policy: none (monitoring only)
DKIM
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
selectors probed

Certificate (current)

DigiCert Global G2 TLS RSA SHA256 2020 CA1
from 2026-01-09 to 2027-02-10
Expires in 266 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.esv.org/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • cross-origin-opener-policy
findings
  • CSP allows unsafe inline scripts/styles
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
DENY
x-content-type-options
nosniff
content-security-policy
default-src https:; script-src 'unsafe-inline' blob: https: 'unsafe-eval' https://crossway.my.salesforce.com; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data:
strict-transport-security
max-age=63072000; includeSubDomains; preload
cross-origin-opener-policy
same-origin

Links to (2)

Linked from (7)