mercurynews.com

HTML metadata

Title

The Mercury News - Bay Area news, sports, business, entertainment, lifestyle and commentary

Description

The Mercury News is the leading source of breaking news, local news, sports, business, entertainment, lifestyle and opinion for Silicon Valley, San Francisco Bay Area and beyond

Language

en-US

Generator

WordPress 6.9.4

Canonical

https://www.mercurynews.com

Feeds

Open Graph

url: https://www.mercurynews.com
title: The Mercury News
locale: en_US
site name: The Mercury News
description: Bay Area News, Sports, Weather and Things to Do

Technology

Server: nginx
CMS: WordPress

Analytics

Google Tag Manager

Cookie consent

Osano

Fonts

Google Fonts

Third-party hosts loaded (19)

fonts.googleapis.com×3
htlbid.com×3
ajax.googleapis.com×2
applepay.cdn-apple.com×2
cdn.jsdelivr.net×2
cdn.parsely.com×2
cdn.sophi.io×2
cmp.osano.com×2
prodmg2.blob.core.windows.net×2
stats.wp.com×2
accounts.google.com×1
cdn.auth0.com×1
cdn.cityspark.com×1
cdn.p-n.io×1
delivery.revcontent.com×1
fonts.gstatic.com×1
v0.wordpress.com×1
wp.me×1
www.googletagmanager.com×1

Registration

Registrar

CSC Corporate Domains, Inc.

Created

1996-08-19

Expires

2026-08-18 89 days left

Updated

2026-04-06

Name servers

ns-1021.awsdns-63.net
ns-1070.awsdns-05.org
ns-114.awsdns-14.com
ns-1650.awsdns-14.co.uk

DNS records live

NS

ns-1021.awsdns-63.net
ns-1070.awsdns-05.org
ns-114.awsdns-14.com
ns-1650.awsdns-14.co.uk

MX

10 aspmx.l.google.com
20 alt1.aspmx.l.google.com
20 alt2.aspmx.l.google.com
30 aspmx2.googlemail.com
30 aspmx3.googlemail.com

TXT

Show 13 TXT records

llib6qvjasng0m5c7562bvdl78
knowbe4-site-verification=a9ce6449edf2d51c41eed1f3517d26f9
m5qr4jpvbhj6i96vu42ongro1k
1lhc1bmucsjp7q8b91t87nhm01.
tollbit-domain-verification=8203027deba5d6dc21912ea0658c7c1adf927e9798c2f6bcfacdbacc694dccbf
tb02sb7m6lidjb74qlclp0nq29
6vomq0c163icdj3t46dm5ik0f3
3mmibbsavpv6o2hkq39uqhsr49
17vm7b9n6t7l4r697abed5mt5j
l33i9ps6uk6nrl89kmadg4ms3d
1lhc1bmucsjp7q8b91t87nhm01
s0jia8r3orr0ohg55gr7ok29vh
36ailchom7s11o20nu6uqgo69o

Verified for

GlobalSign
Google
Meta

Email authentication strong

SPF

v=spf1 include:_spf.google.com include:_spfbang.digitalfirstmedia.com include:amazonses.com include:spf.clearslide.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; pct=20

policy: quarantine · pct=20

DKIM

google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4v+RVXn8u3bnfb81DrUGWhDkU8Kpp3IF4ekHywo4ftILU0h3dra5F0pvDKq7EHk5t80Q8BXiPuFa/aaz8ao…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZ9x1jzUNAcglU3clDtWOoAdsUwJUvxu0VBiyhQDM95789BlhzTisQyg31s7bQxWBgSpIhpKnb1dQBjTGd…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCiERgp4gp/3wYoYqsIJVFRh/6oFTxkRNrlf9nTUuWk7eO977a9GBso8arcAlmoCs+P6T+40f0zrvoFr/B3HQplE…

selectors probed

Certificate (current)

E7

from 2026-04-08 to 2026-07-07

Expires in 47 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://www.mercurynews.com/

present

strict-transport-security
content-security-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: *.visualwebsiteoptimizer.com; style-src 'unsafe-inline' https: *.visualwebsiteoptimizer.com app.vwo.com; img-src data: https: blob: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io; font-src data: https:; connect-src https: data: blob: *.visualwebsiteoptimizer.com app.vwo.com; media-src blob: data: https:; object-src https:; child-src https: data: blob: 'self' *.visualwebsiteoptimizer.com app.vwo.com; upgrade-insecure-requests; block-all-mixed-content;
strict-transport-security: max-age=31536000;includeSubdomains