fifpro.org

HTML metadata

Title: FIFPRO: Supporting Footballers and Player Unions Worldwide
Description: FIFPRO is the global representative organisation for professional footballers, made up of over 70 national player unions and representing over 77,000 players worldwide. As a trade union, FIFPRO defends and advances players’ rights, welfare and working conditions, engaging with governing bodies, leagues and other stakeholders to ensure players’ voices are heard and respected.
Language: en-GB

Technology

CDN: Vercel
CMS: Next.js

Analytics

Google Tag Manager

Social widgets

Vimeo Embed

Third-party hosts loaded (2)

player.vimeo.com×4
www.googletagmanager.com×1

Social

Contact

Email

legal@fifpro.org

Registration

Registrar

Realtime Register B.V.

Created

2000-10-25

Expires

2026-10-25 158 days left

Updated

2025-10-19

Name servers

gemma.ns.cloudflare.com
jaxson.ns.cloudflare.com

DNS records live

NS

gemma.ns.cloudflare.com
jaxson.ns.cloudflare.com

MX

0 fifpro-org.mail.protection.outlook.com

TXT

Show 6 TXT records

google-site-verification=cKosAArJm3eevQfmh_dOLmAKya7bJIug19jJPAuTfFo
MS=ms87099351
apple-domain-verification=xoZ8VkSqMel7UR3V
asv=440a13cc81bbcd76d1995b7898739270
asv=e820b3f0aaeb9145961f4791fb296894
facebook-domain-verification=cdlfy3ti0jol8l9tgozhasint5xhtx

Email authentication strong

SPF

v=spf1 a mx a:fortimail.netdata.nl ip4:95.155.191.58 ip4:185.31.244.212 ip4:89.250.189.190 include:servers.mcsv.net include:_spf.argewebhosting.nl include:spf.protection.outlook.com include:spf-westeu.emailsignatures365.com include:spf.EU.exclaimer.net include:spf.thevalley.nl -all

strict (-all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

Show 4 DKIM selectors

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1VnNSo21TkvquulmLMvy6NVvRA9C53NA17TRxypS8Bl+6m7IdipB3kcrQLo0jIij6SGib4H0b5Vvo…
k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtklBY3baXYonYoNqjqE31ODraiD6nhQyvjY22gsz/9P67CxVU1jLhBSqoyTMQWiQBlYgwnuxEJgP4Y21OB…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCisFfg9kdNPt0521yKaa0/4Foptwsi9cUKyi8qB7rbfH7Ij10tHVJsrz8XCgi1uae6CjPp9BkcW+odNmaxDQbWER…

selectors probed

Certificate (current)

R12

from 2026-03-12 to 2026-06-10

Expires in 21 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.fifpro.org/en

present

strict-transport-security
content-security-policy
x-content-type-options

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.googletagmanager.com https://*.vercel-scripts.com http://munchkin.marketo.net/ https://api.270degrees.nl/api/script/latest/viewer.js https://platform.twitter.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://vercel.live https://consent.cookiebot.com https://consentcdn.cookiebot.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://static.ads-twitter.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' blob: data: https:; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://admin.fifpro.org https://www.google.com/; frame-src 'self' https:; connect-src 'self' blob: https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://api.270degrees.nl https://*.google-analytics.com *.mktoresp.com https:/
strict-transport-security: max-age=86400