indexo.dev

howardhead.org

.org crawl

First seen 2026-05-08 · Last seen 2026-05-15 · ok HTTP/1.1 200 5891 ms crawled 2026-05-15

US · 207.148.15.85 · AS20473 The Constant Company, LLC

Reputation 92/100 no dmarc policy

sector health type homepage

HTML metadata

Title
Howard Head Sports Medicine
Description
Physical therapy near you with 10 locations in Eagle and Summit counties including Vail, Breckenridge, Beaver Creek, Avon, Eagle, Edwards, Gypsum, Frisco, Silverthorne and Basalt. Howard Head is the official medical provider of the US Ski & Snowboard and USA Climbing teams.

Technology

Server
Apache
Analytics
  • Google Tag Manager
Fonts
  • Google Fonts

Third-party hosts loaded (2)

  • fonts.googleapis.com×2
  • www.googletagmanager.com×1

Social

Contact

Phone
Address
rd Head181 West Meadow DriveVail, CO 81657

Registration

Registrar
GoDaddy.com, LLC
Created
2017-06-01
Expires
2026-06-01 12 days left
Updated
2024-07-19
Name servers
  • ns31.domaincontrol.com
  • ns32.domaincontrol.com

DNS records live

NS
  • ns31.domaincontrol.com
  • ns32.domaincontrol.com
MX
  • 10 mx1.hc2054-55.iphmx.com
  • 10 mx2.hc2054-55.iphmx.com
TXT
Show 6 TXT records
  • v=verifydomain MS=2834836
  • facebook-domain-verification=wib9q02i0hbyqswralbamzcyup990h
  • lmXZZuTRfB9ftX0BBSGhw0c/C32TVoXuCgJLnr34NZxCdiHt/1B88z9WhFtQUa8IXHm3M9ZhCPnb8p6srPpzpQ==
  • google-site-verification=JUJACV1jaLbfsyX8KcTj_mQczND_vIya0PBiSG9j02E
  • ZOOM_verify_DslIM9G6lBRWk4MJTHfH7o
  • google-site-verification=6jRAegW1zsfaaV-nsl7j0ZzsiWHO6zkO5m1OYDlCfws

Email authentication weak

SPF
not published
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

ZeroSSL ECC DV SSL CA 2
from 2026-05-13 to 2026-08-12
Expires in 84 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.howardhead.org/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
findings
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
sameorigin
content-security-policy
default-src 'self'; script-src 'self' https://ajax.googleapis.com/ https://cdn.datatables.net/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://stackpath.bootstrapcdn.com/ https://unpkg.com/ https://cdn.userway.org https://cmp.osano.com https://collector-8162.tvsquared.com https://consent.api.osano.com https://perfalytics.com https://www.googletagmanager.com https://cdn.ckeditor.com https://cke4.ckeditor.com https://img.youtube.com/ https://api.perfalytics.com https://collector-11293.tvsquared.com https://cmmhealth.tco-health.com https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://www.vailhealth.org/ https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://i.ytimg.com https://i9.ytimg.com https://maps.google.com https://maps.googleapis.com/ https://www.google.com/ https://www.bugherd.com/ https://sidebar.bugherd.com/ https://googleads.g.
strict-transport-security
max-age=31536000; includeSubDomains

Links to (12)

Linked from (4)