lopfi-prb.com

.com crawl

First seen 2026-04-20 · Last seen 2026-05-19 · ok HTTP/1.1 200 2768 ms crawled 2026-05-14

US · 207.211.187.195 · AS31898 Oracle Corporation

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: LOPFI | Local Police and Fire Retirement System
Language: en

Technology

Fonts

Google Fonts

Third-party hosts loaded (2)

fonts.googleapis.com×2
fonts.gstatic.com×1

Contact

Phone

+15016821745

Registration

Registrar

Network Solutions, LLC

Created

1997-03-26

Expires

2034-03-27 2867 days left

Updated

2025-06-04

Name servers

ns59.worldnic.com
ns60.worldnic.com

DNS records live

NS

ns59.worldnic.com
ns60.worldnic.com

MX

0 lopfiprb-com01c.mail.protection.outlook.com

Verified for

Microsoft 365

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com exists:%{i}._spf.inkyphishfence.com -all

strict (-all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFEHouOKvy7skqBYfNZU6awtQlE+IN4EuQoRyZpIIvB+einJLHYRC3Ph59Sskr8ZdeW5NkhIrwDCAN1GnXBM…

selectors probed

Certificate (current)

from 2026-03-26 to 2026-06-24

Expires in 34 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://lopfi-prb.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: deny
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(self),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=(),xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.api.smartystreets.com https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdn.datatables.net https://dc.services.visualstudio.com https://ajax.aspnetcdn.com https://az416426.vo.msecnd.net https://js.monitor.azure.com https://cdn.syncfusion.com https://cdnjs.cloudflare.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/; connect-src 'self' https://www.google-analytics.com https://dc.services.visualstudio.com https://*.api.smartystreets.com; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.datatables.net; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' https://chart.apis.google.com data: blob:; object-src 'self'; child-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin

Links to (1)

arrivos.com×2

Linked from (2)

jacksonvillear.gov×1
cityofjacksonville.net×1