indexo.dev

hphtrust.com

.com crawl

First seen 2026-04-21 · Last seen 2026-05-18 · ok HTTP/1.1 200 6599 ms crawled 2026-05-15

US · 13.248.180.139 · AS16509 Amazon.com, Inc.

Reputation 100/100

sector other type homepage

HTML metadata

Title
> Home
Language
EN

Technology

Third-party hosts loaded (2)

  • ir.listedcompany.com×5
  • code.jquery.com×2

Registration

Registrar
CSC Corporate Domains, Inc.
Created
2009-10-03
Expires
2026-10-03 135 days left
Updated
2025-05-27
Name servers
  • dns1.cscdns.net
  • dns2.cscdns.net

DNS records live

NS
  • dns1.cscdns.net
  • dns2.cscdns.net
MX
  • 10 hphtrust-com.mail.protection.outlook.com
TXT
  • 63XuaiQi749TCuzOiu1nezFgE35+W9ppuqK2UdMzE93jRyvamC2S+Nc9IdDsrqdm2kbDkDE0hXkjbEgU2pEygw==
Verified for
  • Microsoft 365

Email authentication strong

SPF
v=spf1 mx a ip4:202.45.192.0/18 a:www.hphtrust.com include:spf.protection.outlook.com ~all
softfail (~all)
DMARC
v=DMARC1; p=quarantine; pct=100; rua=mailto:o365dmarc@hphtrust.com; ruf=mailto:o365dmarc@hphtrust.com
policy: quarantine
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtabt2Gk/W87U5J6pSTQUC1dn0x7XjsTjgbsVPzN4OuHPrVKgXVQ59Jn4pUDw+3gVAI85uIWa3LLloo…
  • selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLXrQGfWhuEQNJrOJlyQW5N9IAfxv7U62WvodjZ61AG0ojtsJ9kHvdTsTgJRMn484yg97MXWU9+XBP…
selectors probed

Certificate (current)

Amazon RSA 2048 M04
from 2025-10-17 to 2026-11-15
Expires in 178 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.hphtrust.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • cross-origin-opener-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
no-referrer-when-downgrade
x-frame-options
sameorigin
x-content-type-options
nosniff
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src * 'unsafe-inline' 'unsafe-eval' blob: data:; child-src * 'unsafe-inline' 'unsafe-eval' blob: data:; frame-ancestors 'self';
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy
same-origin

Linked from (1)