hcfl.gov

.gov user

First seen 2026-05-13 · Last seen 2026-05-13 · ok HTTP/1.1 200 588 ms crawled 2026-05-13

US · 15.197.167.90 · AS16509 Amazon.com, Inc.

Reputation 100/100

sector government type blog

HTML metadata

Title: Home | Hillsborough County, FL
Language: en

Open Graph

url: https://hcfl.gov/
title: Home

Technology

CDN: Netlify
CMS: Nuxt

Third-party hosts loaded (6)

res.cloudinary.com×9
analytics.silktide.com×1
cdn.jsdelivr.net×1
cdn.mouseflow.com×1
cdn.userway.org×1
kit.fontawesome.com×1

Social

Registration

Registrar

get.gov

Created

2022-10-14

Expires

2026-09-15 119 days left

Updated

2025-09-20

Name servers

ns1-05.azure-dns.com
ns2-05.azure-dns.net
ns3-05.azure-dns.org
ns4-05.azure-dns.info

DNS records live

NS

ns1-05.azure-dns.com
ns2-05.azure-dns.net
ns3-05.azure-dns.org
ns4-05.azure-dns.info

MX

0 hcfl-gov.mail.protection.outlook.com

TXT

Show 4 TXT records

google-site-verification=EawUVO_thIHIZe7C-hOtrb6NkW6tMfa3SSmCuq4CZDc
atlassian-domain-verification=14FpA1BG7aKJLasbuDv3Ks/Mi952TN24jMySUAAT/a6l7Ooba5/10HKK6K6/0Cqm
jamf-site-verification=yhGV7QhN52s7vAbR2SQoZQ
MS=ms86332195

Email authentication strong

SPF

v=spf1 ip4:107.144.145.2 ip4:107.144.145.12 ip4:107.144.145.13 ip4:172.109.179.39 ip4:172.109.179.37 ip4:192.29.103.205 ip4:192.29.103.231 ip4:192.29.103.159 include:spf.protection.outlook.com include:spf_c.oraclecloud.com include:amazonses.com include:spf.cashedge.com a:b.spf.service-now.com a:c.spf.service-now.com a:d.spf.service-now.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:fbczdr1h@ag.us.dmarcian.com, mailto:dreport@hcfl.gov,mailto:dmarc_agg@vali.email;

policy: quarantine

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtat/8u6zo5frTYpRg9/7NE0bNZNPwbWJI4COZiqhl8PHOY37DDW2g5acsTbH+4P0rqK9INIX73eo5…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAny6+Z5VJKYkupHEsGlOk/01CHSgIZ/8r1GmpoO//q/EoPdHUfuuAtew83usPgNNmd1Mes1zVpZI4Nogoax…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCkKzyeZV3vOg0WhJjNeOG73p3eGxg5j3DpJ1SV6U2hrco7GSAiuyfGcXFYA4ick8ELj+q9wWoLCrPtH+klwsnGo…

selectors probed

Certificate (current)

Sectigo Public Server Authentication CA OV R36

from 2025-11-19 to 2026-11-20

Expires in 185 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://hcfl.gov/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin
x-frame-options: SAMEORIGIN
permissions-policy: camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=()
x-content-type-options: nosniff
content-security-policy: base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.formstack.com; frame-ancestors 'self'; img-src 'self' data: https://res.cloudinary.com https://images.contentstack.io https://cdn.userway.org https://api.mapbox.com *.mouseflow.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' *.mouseflow.com; upgrade-insecure-requests;
strict-transport-security: max-age=15552000; includeSubDomains;
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: same-origin