indexo.dev

hotosm.org

.org crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 2842 ms crawled 2026-05-18

US · 66.241.125.105 · AS40509 Fly.io, Inc.

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
Home - HOT Website
Language
en

Technology

Server
Fly
CMS
Gatsby
Fonts
  • Google Fonts

Third-party hosts loaded (5)

  • swoon-hotosm-staging.s3.us-west-1.amazonaws.com×44
  • fonts.googleapis.com×3
  • cdn.jsdelivr.net×1
  • fonts.gstatic.com×1
  • unpkg.com×1

Social

Registration

Registrar
Gandi SAS
Created
2011-07-21
Expires
2026-07-21 63 days left
Updated
2025-06-21
Name servers
  • ns-1282.awsdns-32.org
  • ns-1615.awsdns-09.co.uk
  • ns-427.awsdns-53.com
  • ns-757.awsdns-30.net

DNS records live

NS
  • ns-1282.awsdns-32.org
  • ns-1615.awsdns-09.co.uk
  • ns-427.awsdns-53.com
  • ns-757.awsdns-30.net
MX
Show 7 MX records
  • 10 aspmx.l.google.com
  • 20 alt1.aspmx.l.google.com
  • 20 alt2.aspmx.l.google.com
  • 30 aspmx2.googlemail.com
  • 30 aspmx3.googlemail.com
  • 30 aspmx4.googlemail.com
  • 30 aspmx5.googlemail.com
TXT
Show 6 TXT records
  • asv=cc5bdd89ad517bb1129a422e949bb8dc
  • did=did:plc:shteeq6uqxduku2gol6o6dtl
  • google-site-verification=hhJPALXkG9ePSNu0fL1UDOTaBB_0SKZBtJ0nBi0wlgI
  • slack-domain-verification=HYYZEnvcTkPPQmWyjJJH08Z7jldsdp8fVITDJojY
  • 1306C41AD2
  • MS=CD0F84E1811E26BBD4940560715AA272EBD789B5

Email authentication strong

SPF
v=spf1 include:_spf.google.com include:amazonses.com include:_spf.salesforce.com ~all
softfail (~all)
DMARC
v=DMARC1; p=quarantine; sp=reject; pct=100; adkim=s; rua=mailto:hotosm-d@dmarc.report-uri.com; fo=0:1
policy: quarantine · sp=reject
DKIM
  • google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmYZ/36LGuuJ9JYjfoWyo6nmYXQd0xNI+tGoV57x7CFSzARWPOjt1iiQg2ymWG98XGHccG/Q/5Zt4V1cgQ+r…
  • k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed

Certificate (current)

E7
from 2026-04-17 to 2026-07-16
Expires in 58 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://www.hotosm.org/en/

present
  • x-content-type-options
  • referrer-policy
  • cross-origin-opener-policy
findings
  • missing HSTS
  • missing Content Security Policy
  • missing frame protection
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
cross-origin-opener-policy
same-origin

Links to (8)

Linked from (12)