hillsflatlumber.com

.com crawl

First seen 2026-05-09 · Last seen 2026-05-15 · ok HTTP/1.1 200 1707 ms crawled 2026-05-15

US · 146.148.45.127 · AS396982 Google LLC

Reputation 100/100

Classifying

HTML metadata

Title: Hills Flat Lumber
Description: Hills Flat Lumber
Language: en
Canonical: https://hillsflatlumber.com/

Open Graph

url: https://hillsflatlumber.com/
title: Hills Flat Lumber: Your Local Hardware Store in Grass Valley
site name: Hills Flat Lumber
description: Hills Flat Lumber

Technology

Analytics

Google Tag Manager

Third-party hosts loaded (10)

static.ezadlive.com×25
storage.googleapis.com×7
images.ezad.io×3
api.ezadlive.com×1
bit.ly×1
cdn.rlets.com×1
daily.yubanet.com×1
maps.googleapis.com×1
www.facebook.com×1
www.googletagmanager.com×1

Contact

Address: 380 Railroad Ave, 95945, Grass Valley, CA, US

Registration

Registrar

GoDaddy.com, LLC

Created

2000-11-20

Expires

2029-11-20 1279 days left

Updated

2022-11-16

Name servers

ns65.domaincontrol.com
ns66.domaincontrol.com

DNS records live

NS

ns65.domaincontrol.com
ns66.domaincontrol.com

MX

0 hillsflatlumber-com.mail.protection.outlook.com

Verified for

Google

Email authentication strong

SPF

v=spf1 a:triadinet.com a:triadinet.net mx:triadinet.com mx:triadinet.net a:mail.aaih.net include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; adkim=s; aspf=s; rua=mailto:dmarc@hillsflatlumber.com;

policy: quarantine

DKIM

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdMotOrlkpbqfE1QK2Bk16zuSizwWIAzzIfPIQq3i2nGAwUI5xKRtI6fxkEkC/wMDjF299/Cgy58r4avKmuy…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

R12

from 2026-04-21 to 2026-07-20

Expires in 60 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://hillsflatlumber.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self' bit.ly daily.yubanet.com chimpstatic.com cdn.rlets.com; connect-src 'self' *.ezadtv.com *.ezadlive.com *.stripe.com *.googleapis.com *.paypal.com *.google-analytics.com *.sentry.io *.facebook.com google.com *.google.com *.youtube.com *.hcaptcha.com bit.ly daily.yubanet.com chimpstatic.com cdn.rlets.com; font-src * data: bit.ly daily.yubanet.com chimpstatic.com cdn.rlets.com; img-src * data: fault.rlets.com bit.ly daily.yubanet.com chimpstatic.com cdn.rlets.com; frame-src 'self' *.stripe.com www.googletagmanager.com *.paypal.com td.doubleclick.net platform.liquidus.net ezadtv.com *.google.com *.youtube.com *.hcaptcha.com hillsflatlumber.us17.list-manage.com storage.googleapis.com tourmkr.com bit.ly daily.yubanet.com chimpstatic.com cdn.rlets.com; script-src 'self' blob: 'unsafe-inline' www.web2dm.com www.googletagmanager.com *.google-analytics.com connect.facebook.net js.stripe.com platform.liquidus.net static.hotjar.com static.ezadlive.com *.googleapis.com *.paypal.c
strict-transport-security: max-age=31536000

Linked from (1)

meb2turkeytrot.com×1