excelsiorcreative.com

.com crawl

First seen 2026-04-13 · Last seen 2026-05-15 · ok HTTP/1.1 200 438 ms crawled 2026-05-07

US · 216.150.1.1 · AS16509 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: Excelsior Creative | Nonprofit AI & Software Engineering Agency | Excelsior Creative
Description: Excelsior Creative is a trusted technology partner for national nonprofits, specializing in AI-powered solutions, custom software engineering, and digital strategy to amplify world-changing missions.
Language: en
Canonical: https://excelsiorcreative.com

Open Graph

url: https://excelsiorcreative.com
title: Excelsior Creative | Nonprofit AI & Software Engineering Agency
site name: Excelsior Creative
description: Excelsior Creative is a trusted technology partner for national nonprofits, specializing in AI-powered solutions, custom software engineering, and digital strategy to amplify world-changing missions.

Technology

CDN: Vercel
CMS: Next.js

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (4)

www.gstatic.com×2
fonts.gstatic.com×1
www.google.com×1
www.googletagmanager.com×1

Social

Contact

Email

Address

Irvine, CA, US

Registration

Registrar

Cloudflare, Inc.

Created

2018-10-04

Expires

2026-10-04 137 days left

Updated

2025-09-04

Name servers

bingo.ns.cloudflare.com
damian.ns.cloudflare.com

DNS records live

NS

bingo.ns.cloudflare.com
damian.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 aspmx2.googlemail.com
10 aspmx3.googlemail.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

Show 5 TXT records

pinterest-site-verification=577db9cb40e6aaf5191796dd6e0978ab
yandex-verification: 72607d873fbbd8e3
MS=ms86876282
google-site-verification=8XtN-_GBsDsfaXc0gHxVA7nTcDWgkumvdIz6c4METr4
google-site-verification=Yq9lc1nL2RG8Dt9LVqyZU0Poyq44RAcmCDX-OP9uqJU

Email authentication strong

SPF

v=spf1 include:_spf.google.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none; rua=mailto:203df2917eb145a2a29854c35c7fca31@dmarc-reports.cloudflare.net

policy: none (monitoring only)

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKVVIAQqAAqd/gYnoCL9jyG0R0ft3VNdrsv3eOOOtyvmecuWX+0llADlggjF6eJZ61t1rW2SgHcLB6…

selectors probed

Certificate (current)

R13

from 2026-04-30 to 2026-07-29

Expires in 71 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://excelsiorcreative.com/

present

strict-transport-security
content-security-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.clarity.ms https://scripts.clarity.ms https://www.gstatic.com https://www.google.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com https://www.googletagmanager.com https://www.clarity.ms https://*.clarity.ms https://www.google.com https://www.gstatic.com https://excelsiorcreative.com https://3huuq4ro9ng8siwd.public.blob.vercel-storage.com; frame-src 'self' https://www.google.com https://recaptcha.google.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'
strict-transport-security: max-age=63072000

Links to (2)

facebook.com×2
linkedin.com×2