hayward.com

HTML metadata

Title: Welcome to Hayward Residential and Commercial Pool Products
Description: Hayward offers environmentally responsible, cutting-edge pool and spa equipment for residential and commercial, in-ground and above-ground pools.
Language: en
Canonical: https://www.hayward.com/

Open Graph

url: https://www.hayward.com/
title: Home

Technology

CMS: Gatsby

Analytics

Google Tag Manager

Third-party hosts loaded (4)

cdn-widgetsrepository.yotpo.com×1
cdn.bc0a.com×1
rum.hlx.page×1
www.googletagmanager.com×1

Social

Contact

Address: rd Rewards®Partner EventsMAP Policy(opens in a new tab)2026

Registration

Registrar

Network Solutions, LLC

Created

1995-07-26

Expires

2026-07-25 67 days left

Updated

2025-12-02

Name servers

ns-1089.awsdns-08.org
ns-1643.awsdns-13.co.uk
ns-258.awsdns-32.com
ns-851.awsdns-42.net

DNS records live

NS

ns-1089.awsdns-08.org
ns-1643.awsdns-13.co.uk
ns-258.awsdns-32.com
ns-851.awsdns-42.net

MX

0 hayward-com.mail.protection.outlook.com

TXT

Show 7 TXT records

apple-domain-verification=GDxqeXatZKKNVHGO
google-site-verification=BbQjq0Ov8tKaCr1QwNLOQvjtRcyWbCw8loQmJJj1XiY
google-site-verification=IE1bnMfMznq6l2cpuUvUgqoViwHPri3SY89rHGomUPQ
box-domain-verification=2ecf2adcb01d5cd813367fc9d2abd2645bb6ee1765e975d166a9cdfb11ab1b72
adobe-idp-site-verification=9b39d6307fdf22ca853833416738dd9d5cc2ea35d157c1ad79a99438a82f2939
MS=ms22413714
_azawbi5cve69ifkpu059hbflz4ncfab

Email authentication partial

SPF

v=spf1 a:relay1.hayward.com a:relay2.hayward.com include:_spf.google.com include:whitelabel.hayward.com include:spf.protection.outlook.com include:mailgun.org include:spf.zohomail360.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none; rua=mailto:cu9daxhr@ag.dmarcian.com; ruf=mailto:cu9daxhr@fr.dmarcian.com

policy: none (monitoring only)

DKIM

google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCctv1nqnjZIs68tMfB4eCRk43Bj8yHR9MC9sQgtuzRX6vENOy6r/IptNKsiQE80kAsg95UOsTFv2+Y2/vFZa…
selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlMdjcQacXkNlubr2KuAJDlP6P/hGm81w40/P2WSul1QNqFM0DvAkNAz1TzPedOPC4ODVKpSFYX9Li…
k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKOizmkmE9zNlJWO1xngLDLWeYJqYsHzBWuELRj18kUrJF3DfZjdYEW6kou+J+DOh3X66ToJagH7sgQrb0MFTEREQQ+4S…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

R12

from 2026-05-01 to 2026-07-30

Expires in 72 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.hayward.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; form-action 'self' https://hayward.com/customer/account/logout/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com www.paypal.com 'self' 'unsafe-inline';
strict-transport-security: max-age=31557600