fedsmallbusiness.org

.org crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 2452 ms crawled 2026-05-18

NL · 104.110.191.26 · AS20940 Akamai International B.V.

Reputation 100/100

Classifying

HTML metadata

Title: Fed Small Business
Description: Fed Small Business features small business research and analysis by the 12 Reserve Banks of the Federal Reserve System.
Language: en
Canonical: https://www.fedsmallbusiness.org

Open Graph

url: https://www.fedsmallbusiness.org/
title: Fed Small Business
description: Fed Small Business features small business research and analysis by the 12 Reserve Banks of the Federal Reserve System.

Registration

Registrar

GoDaddy.com, LLC

Created

2018-02-07

Expires

2027-02-07 262 days left

Updated

2026-03-24

Name servers

pdns108.ultradns.org
pdns108.ultradns.biz
pdns108.ultradns.com
pdns108.ultradns.net
ns60.ultradns2.org
ns60.ultradns2.com

DNS records live

NS

ns60.ultradns2.com
ns60.ultradns2.org
pdns108.ultradns.biz
pdns108.ultradns.com
pdns108.ultradns.net
pdns108.ultradns.org

MX

10 mx1.frb.iphmx.com
10 mx2.frb.iphmx.com

TXT

Show 4 TXT records

daJYbb+tNkzE4dNN99M/cqFz9KdKVMNN3yH8ZNnU2suk5hBuvKCCpZfPed75UNiUQ4CY3ovoJ6nsNtwmb5TSgg==
_bigp81imtd6kmmcp9lgvsykxkabj8gk
_p8dbchvmf6fmyy1ucooavvhgb0zu4wm
T7oeEMjQUIQDzg8K6M5KgT08Z0M:EE97-5D1C-E373-0589-0295-4177-B31D-4624

Verified for

Microsoft 365

Email authentication strong

SPF: v=spf1 ip4:199.169.200.4 ip4:199.169.204.4 ip4:199.169.240.69 ip4:199.169.208.69 exists:%{i}.spf.frb.iphmx.com include:spf.protection.outlook.com include:8397508.spf10.hubspotemail.net ~all
softfail (~all)
DMARC: v=DMARC1; p=reject; rua=mailto:dmarcreporting@frb.org
policy: reject (enforced)
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-03-27 to 2026-06-25

Expires in 36 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.fedsmallbusiness.org/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection

Header values

referrer-policy: no-referrer,strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN, SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), hid=(), idle-detection=(), interest-cohort=(), serial=()
x-content-type-options: nosniff
content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; media-src 'self' blob: clevelandfed.shorthandstories.com *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; worker-src blob:;, object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content
strict-transport-security: max-age=31536000 ; includeSubDomains
cross-origin-resource-policy: same-origin