h2ocustomers.com

.com crawl

First seen 2026-04-20 · Last seen 2026-05-11 · ok HTTP/1.1 200 1816 ms crawled 2026-05-14

US · 192.124.249.111 · AS30148 Sucuri

Reputation 100/100

sector government type homepage

HTML metadata

Title

Water Bill Districts Services - Customer Portal H2O Innovation

Description

Pay your Water Bill, Start or Stop your service, Find information about your District | New H2O Innovation Trusted Utility Partners Customer Portal

Language

en-US

Generator

WordPress 6.9.4

Canonical

https://h2ocustomers.com/

Feeds

Open Graph

url: https://h2ocustomers.com/
title: Water Bill Districts Services - Customer Portal H2O Innovation
locale: en_US
site name: Customer Portal - H2O
description: Pay your Water Bill, Start or Stop your service, Find information about your District | New H2O Innovation Trusted Utility Partners Customer Portal

Technology

Server: Sucuri
CMS: WordPress

Analytics

Google Tag Manager

Third-party hosts loaded (5)

maps.google.com×2
code.tidio.co×1
effetmonstre-footer.s3.us-east-2.amazonaws.com×1
gmpg.org×1
www.googletagmanager.com×1

Social

Contact

Phone

Registration

Registrar

GoDaddy.com, LLC

Created

2022-12-21

Expires

2028-12-21 947 days left

Updated

2025-12-22

Name servers

anastasia.ns.cloudflare.com
newt.ns.cloudflare.com

DNS records live

NS

anastasia.ns.cloudflare.com
newt.ns.cloudflare.com

TXT

google-site-verification=UExL_FWjPVyGB9ZIZDRDasFp5fAf1oMZHb3p13dV3pQ

Email authentication no MX

SPF: v=spf1 a mx ip4:51.222.240.8 ip4:158.85.89.116 ip4:158.85.77.121 ~all
softfail (~all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

Starfield Secure Certificate Authority - G2

from 2025-06-19 to 2026-07-18

Expires in 60 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://h2ocustomers.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
weak content type protection

Header values

referrer-policy: same-origin, strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN, SAMEORIGIN
permissions-policy: geolocation=(), microphone=(), camera=()
x-content-type-options: nosniff, nosniff
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.tidio.co wss://*.tidio.co *.tidio.co ams.wpml.org s0.wp.com *.ytimg.com tceq.maps.arcgis.com *.h2ocustomers.com h2ocustomers.com *.driftt.com *.gravatar.com *.google.com *.metricool.com *.googleapis.com *.googletagmanager.com *.cdn-cookieyes.com cdn-cookieyes.com *.cookieyes.com *.cloudflare.com *.youtube.com www.gstatic.com *.gstatic.com *.google-analytics.com *.amazonaws.com data: blob:; frame-ancestors 'self' *.h2ocustomers.com h2ocustomers.com; frame-src self *.google.com google.com arcgis.com *.arcgis.com *.h2ocustomers.com h2ocustomers.com *.driftt.com tidio.com *.tidio.com
strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains; preload

Links to (8)

Linked from (1)

h2oinnovation.com×2