mbta.com

HTML metadata

Title

MBTA - Massachusetts Bay Transportation Authority

Description

Public transit in the Greater Boston region. Routes, schedules, trip planner, fares, service alerts, real-time updates, and general information.

Language

en

Feeds

MBTA.com Latest News RSS

Technology

CMS: Drupal

Analytics

Google Analytics
Google Tag Manager

Third-party hosts loaded (3)

translate.google.com×1
www.google-analytics.com×1
www.googletagmanager.com×1

Social

Contact

Phone

Address

road crossing, call800-522-8236

Registration

Registrar

Amazon Registrar, Inc.

Created

1998-08-06

Expires

2026-08-05 78 days left

Updated

2026-05-13

Name servers

ns-1087.awsdns-07.org
ns-1992.awsdns-57.co.uk
ns-201.awsdns-25.com
ns-749.awsdns-29.net

DNS records live

NS

ns-1087.awsdns-07.org
ns-1992.awsdns-57.co.uk
ns-201.awsdns-25.com
ns-749.awsdns-29.net

MX

10 mxa-002a6d01.gslb.pphosted.com
20 mxb-002a6d01.gslb.pphosted.com

TXT

Show 7 TXT records

miro-verification=17b997c21096872f1180d943aeb8e55f72b6ad1f
qiWpzmQB5FUpAvl0vAiFibBpUEpSA3ITeNQtVFWEklikD48IrEDwfNIS3OS2ImkTjicqe4x0ISDz19m7nWYMAQ==
MS=ms79021091
alwgtaf.impervadns.net
box-domain-verification=658d542407b24b095fb521db4249632769fbd5b20987cfce4db6f4e62dd4813d
google-site-verification=RXcADgYAGHcQOqTiblQYh-6vB1IMAhrebCqlbWWt3HQ
j2pnphfun81jcbasjlff1kf5fn

Email authentication strong

SPF

v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all

softfail (~all)

DMARC

v=DMARC1; p=quarantine; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com;

policy: quarantine

DKIM

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGtc+Y8KwBL5Y6dGMndf0dvNSy05oTVuh9ojcXPB46EmQg0vOALBLiqy/vN8fk3CF5pL/cuJLZA3zlIdZZzJ…
selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChnegDtWHBScDriuw9iZtAeeXmtTRFTBJjFvYxKf9YZm/jGsfJDmJ2J7Y/06gMtmdHWXrKaAJtrnPeetyI22…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEnz6k1uexonRn2ZZ6JnK7Z+nTw0maN5SLwublT3471gQE2LGGkJkUfiYp5aX8vu/QLAyMQHSBlLx5FncZ…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqFqpRfmdLM4e+vFbuGmKhfafuoWuSSft19s/SGsrmL0XysyHndPX26o4xVBhVOWfdEkRAJ4hrdEX2kpM/2d5zb5…

selectors probed

Certificate (current)

Amazon RSA 2048 M04

from 2026-01-26 to 2027-02-25

Expires in 282 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.mbta.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: base-uri 'none'; connect-src 'self' https://cdn.mbta.com *.arcgis.com analytics.google.com analytics.tiktok.com analytics-ipv6.tiktokw.us cdn.mbta.com px.ads.linkedin.com stats.g.doubleclick.net translate.googleapis.com translate-pa.googleapis.com www.google.com www.google-analytics.com www.googletagmanager.com o89189.ingest.us.sentry.io ws://www.mbta.com wss://www.mbta.com; default-src 'self'; font-src 'self' cdn.mbta.com; frame-src 'self' *.arcgis.com *.soundcloud.com *.vimeo.com cdn.knightlab.com data.mbta.com livestream.com vimeo.com www.instagram.com www.google.com www.googletagmanager.com www.youtube.com; img-src 'self' https://cdn.mbta.com *.arcgis.com *.google.com *.googleapis.com cdn.mbta.com data: i.ytimg.com fonts.gstatic.com googleads.g.doubleclick.net px.ads.linkedin.com www.facebook.com www.googletagmanager.com www.gstatic.com www.linkedin.com https://live-mbta.pantheonsite.io; script-src 'self' 'unsafe-eval' *.arcgis.com *.tableau.com cdn.mbta.com connect.facebook.net da
strict-transport-security: max-age=31536000