hdfcfund.com

HTML metadata

Title: Mutual Funds: Invest Online & Start a SIP | HDFC Mutual Fund
Description: Mutual Fund investment made easy. Explore top-performing HDFC Mutual Fund schemes - equity, debt and more. Start your journey with an SIP or lump sum today.
Language: en
Canonical: https://www.hdfcfund.com

Technology

CDN: Akamai
CMS: Next.js

Analytics

Google Tag Manager

Third-party hosts loaded (4)

i.ytimg.com×21
www.googletagmanager.com×2
ajax.googleapis.com×1
cdnt.netcoresmartech.com×1

Social

Contact

Email

Phone

180030106767

Address

HDFC House,2nd Floor,H.T.Parekh Marg,165-166,Backbay Reclamation, 400020, Churchgate, Mumbai, Maharashtra, IN

Registration

Registrar

PDR Ltd. d/b/a PublicDomainRegistry.com

Created

1999-12-07

Expires

2028-12-07 933 days left

Updated

2026-05-06

Name servers

a1-84.akam.net
a13-64.akam.net
a20-66.akam.net
a4-67.akam.net
a5-67.akam.net
a8-67.akam.net

DNS records live

NS

a1-84.akam.net
a13-64.akam.net
a20-66.akam.net
a4-67.akam.net
a5-67.akam.net
a8-67.akam.net

MX

10 hdfcfund-com.cleansmtp.powerelay.com

TXT

Show 10 TXT records

google-site-verification=kaVEciDGL9M0VUrbf9GYuSViQd5tjUvRdJTufzM4wQw
google-gws-recovery-domain-verification=64350794
MS=ms70283512
a12a939d335244da91ebe5e36c03fa7d
385dfda4-77e9-4ded-b403-73554846783e
fm299hj3knvl4yj4lpsh378mz7r6pj1x
google-site-verification=l5INcak3phTY0zHJdW73SHICatmkIq82B2NyhE7-9Mk
google-gws-recovery-domain-verification=65220444
google-site-verification=WOtjoXklp_z6Voy3QUNmYGcshL--7p7KZmxvt2iqXH4
google-site-verification=03AeBtZGEJfY9jKvE4cooy2W5oVM2mQmnP8C-UpZPSo

Email authentication strong

SPF

v=spf1 mx include:spf.hdfcfund.com include:spf2.hdfcfund.com include:3-spf.powerelay.com include:6-spf.powerelay.com include:spf.protection.outlook.com ip4:13.127.255.15 ip4:202.162.239.0/19 exists:%{ir}._spf.netcorecloud.net -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:a97e55a7b857189@dmarcmonitor.net; ruf=mailto:ruf.report@dmarcmonitor.net; fo=1; adkim=s; aspf=r

policy: reject (enforced)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6DY6/YlHkZEu7Z3h2MKoULWw64st8m+46Z9SpTwdjIV0LOsYOWVds+Z8fUVbOaait0xv+h1pn5WxyQ…
k1: k=rsa;p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMP5fINcilhOJB8mD1++cuexuMenI9YLevxBGjawyTl4gYwbvESe0ezJRz0kkpbcakfJBlQcytxIetLjLdYTIFcCAwEAAQ==;

selectors probed

Certificate (current)

DigiCert Global G3 TLS ECC SHA384 2020 CA1

from 2026-03-14 to 2026-09-29

Expires in 133 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.hdfcfund.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
cross-origin-opener-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' pro.ip-api.com connect.smallca.se *.smallcase.com *.hdfcfund.com *.paynimo.com *.netcore.co.in *.tawk.to *.netcoresmartech.com *.googletagmanager.com *.bootstrapcdn.com *.maxymiser.net *.googleapis.com *.camsonline.com *.hotjar.com *.hotjar.io *.google-analytics.com *.googleadservices.com *.boxx.ai *.doubleclick.net *.jsdelivr.net *.google.com *.google.co.in *.gstatic.com *.mutualfundsindia.com *.youtube.com *.plyr.io *.ytimg.com *.unfyd.com *.allincall.in *.hansel.io; object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' pro.ip-api.com connect.smallca.se *.smallcase.com *.hdfcfund.com *.paynimo.com *.netcore.co.in *.tawk.to *.netcoresmartech.com *.googletagmanager.com *.bootstrapcdn.com *.maxymiser.net *.googleapis.com *.camsonline.com *.hotjar.com *.hotjar.io *.google-analytics.com *.googleadservices.com *.boxx.ai *.doubleclick.net *.jsdelivr.net *.google.com *.google.co.in *.gstatic.com *.mutualfundsindia.com *.youtube.com *.plyr.io *.ytimg.com *.u
strict-transport-security: max-age=63072000; includeSubdomains; preload
cross-origin-opener-policy: same-origin-allow-popups