indexo.dev

mheducation.me

.me crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 2469 ms crawled 2026-05-18

IE · 63.32.243.54 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
McGraw Hill Middle East
Description
McGraw Hill is a leading global education company that partners with millions of educators, learners and professionals around the world. Recognizing their diverse needs, we build trusted content, flexible tools and powerful digital platforms to help them achieve success on their own terms. Through our commitment to equity, accessibility and inclusion, we foster a culture of belonging that respects and reflects the diversity of the communities, learners and educators we serve.
Language
en

Technology

CMS
Gatsby
Analytics
  • Google Tag Manager

Third-party hosts loaded (6)

  • mheducation-mea.github.io×29
  • play.vidyard.com×2
  • info.mheducation.com×1
  • www.google.com×1
  • www.googletagmanager.com×1
  • www.gstatic.com×1

Social

DNS records live

NS
  • pdns85.ultradns.biz
  • pdns85.ultradns.com
  • pdns85.ultradns.net
  • pdns85.ultradns.org
TXT
  • 3TdgYOBrtEmTQyDqx8rAARifwezwzxJdewpLDNxKXAc
  • google-site-verification=J4o36wyJ_kiNy0VgVJt8vxHkbmHllggR7GsJBhhdKv4

Email authentication no MX

SPF
v=spf1 -all
strict (-all)
DMARC
v=DMARC1; p=reject; fo=1; ri=3600; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com
policy: reject (enforced)
DKIM
no key found at common selectors

Certificate (current)

Amazon RSA 2048 M01
from 2026-03-30 to 2026-10-14
Expires in 147 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.mheducation.me/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com data: 'self' data: cdn.honey.io www.mheducation.co.uk assets.merci-app.com at.alicdn.com cdn.scite.ai cdnjs.cloudflare.com fonts.bunny.net pouch-global-font-assets.s3.eu-central-1.amazonaws.com shopping.qantas.com www.mhprofessional.com *.wistia.com player.flipsnack.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.mheducation *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.youtube.com *.yo
strict-transport-security
max-age=31536000; includeSubDomains

Links to (8)

Linked from (6)