indexo.dev

hotspringsar.gov

.gov user

First seen 2026-05-12 · Last seen 2026-05-12 · ok HTTP/1.1 200 10332 ms crawled 2026-05-12

NL · 89.106.200.153 · AS209626 Enflow B.V.

Reputation 100/100

sector government type homepage

HTML metadata

Title
Hot Springs, AR - Official Website | Official Website
Language
en

Technology

CDN
Cloudflare

Third-party hosts loaded (3)

  • www.hotspringsar.gov×36
  • docaccess.com×1
  • main.withapps.io×1

Social

Contact

Phone

Registration

Registrar
get.gov
Created
2021-05-27
Expires
2026-11-10 174 days left
Updated
2025-11-15
Name servers
  • ns25.domaincontrol.com
  • ns26.domaincontrol.com

DNS records live

NS
  • ns25.domaincontrol.com
  • ns26.domaincontrol.com
MX
  • 0 hotspringsar-gov.mail.protection.outlook.com
TXT
Show 4 TXT records
  • duo_sso_verification=nYdOozBpTFERKvBagrnTtbMYp8eiR3SMoDhHaCu5OnfSnHL92oKxwd7yLzOcceYa
  • knowbe4-site-verification=e8939c55fedc6591bb07a600c33df20a
  • apple-domain-verification=7uUDaK9liwFloU0j
  • zscaler-verification-73312753-7312025-ketUs2

Email authentication strong

SPF
v=spf1 include:spf.protection.outlook.com include:spf-local.hotspringsar.gov -all
strict (-all)
DMARC
v=DMARC1; p=reject; pct=100; rua=mailto:3f1w0rak@ag.us.dmarcian.com,mailto:re+t2k9mk4bi3s@dmarc.postmarkapp.com; sp=reject; ruf=mailto:3f1w0rak@fr.us.dmarcian.com; aspf=r;
policy: reject (enforced) · sp=reject
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvabi2u4ha/1JoGr3WPreuNdRRPEr/M3zuJ+nPVbdY5H032f4j5MdSAuaLZ5gefeRjkejvinflqH4/T…
  • selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdDiaak9XIWGBot8c5jiab7yaO/Y/0RKIz2DEAS6dLAmyJgiFJFBlv6JK1U368BfeAhZozIybywaX6…
selectors probed

Certificate (current)

E8
from 2026-04-12 to 2026-07-11
Expires in 52 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 50/100 Checked live page: https://www.hotspringsar.gov

present
  • content-security-policy
  • x-content-type-options
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' https://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data: blob:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src *

Links to (12)