indexo.dev

merlot.org

.org crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 2047 ms crawled 2026-05-18

US · 54.71.97.148 · AS16509 Amazon.com, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
MERLOT
Language
en

Technology

Analytics
  • Google Tag Manager
Fonts
  • Google Fonts

Third-party hosts loaded (2)

  • fonts.googleapis.com×2
  • www.googletagmanager.com×1

Social

Contact

Email

Registration

Registrar
Network Solutions, LLC
Created
1999-10-19
Expires
2026-10-19 153 days left
Updated
2025-10-12
Name servers
  • ns-1206.awsdns-22.org
  • ns-1581.awsdns-05.co.uk
  • ns-443.awsdns-55.com
  • ns-995.awsdns-60.net

DNS records live

NS
  • ns-1206.awsdns-22.org
  • ns-1581.awsdns-05.co.uk
  • ns-443.awsdns-55.com
  • ns-995.awsdns-60.net
MX
  • 10 mxa-007b5a01.gslb.pphosted.com
  • 10 mxb-007b5a01.gslb.pphosted.com
  • 100 merlot-org.mail.protection.outlook.com
TXT
  • MS=ms30173879

Email authentication weak

SPF
v=spf1 mx include:spf.protection.outlook.com ip4:137.145.21.114 ip4:137.145.160.16 ip4:52.151.58.97 ip4:52.151.23.186 include:ironportspf.calstate.edu -all include:amazonses.com -all
strict (-all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

Sectigo RSA Domain Validation Secure Server CA
from 2025-05-16 to 2026-06-16
Expires in 28 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 50/100 Checked live page: https://www.merlot.org/merlot/index.htm

present
  • content-security-policy
  • x-content-type-options
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: https://*.googleapis.com https://apis.google.com https://accounts.google.com https://*.googletagmanager.com https://www.google.com *.addthis.com https://*.facebook.com *.facebook.com https://*.linkedin.com https://platform.twitter.com platform.twitter.com *.pinterest.com https://www.google-analytics.com; connect-src 'self' https://translate.googleapis.com https://*.googletagmanager.com https://www.google.com https://www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' translate.googleapis.com *.addthis.com https://*.googletagmanager.com *.addthisedge.com *.pinterest.com https://www.google.com https://translate.google.com https://ajax.googleapis.com https://www.gstatic.com https://apis.google.com apis.google.com https://accounts.google.com https://translate.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://*.facebook.com https://platform.twitter.com *.facebook.com platform.twitter.com https://*.linked

Links to (4)

Linked from (11)