indexo.dev

michiganair.com

.com crawl

First seen 2026-05-11 · Last seen 2026-05-17 · ok HTTP/1.1 200 24615 ms crawled 2026-05-17

US · 128.24.112.224 · AS8075 Microsoft Corporation

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
Michigan Air Products | HVAC Solutions
Description
Michigan Air Products is a leading manufacturer representative for commercial/industrial HVAC solutions.

Technology

Server
Microsoft-IIS
Analytics
  • Google Tag Manager
Fonts
  • Adobe Fonts

Third-party hosts loaded (4)

  • use.typekit.net×1
  • www.facebook.com×1
  • www.google.com×1
  • www.googletagmanager.com×1

Social

Contact

Email
Phone

Registration

Registrar
GoDaddy.com, LLC
Created
1996-11-15
Expires
2028-11-14 908 days left
Updated
2026-03-06
Name servers
  • ns55.domaincontrol.com
  • ns56.domaincontrol.com

DNS records live

NS
  • ns55.domaincontrol.com
  • ns56.domaincontrol.com
MX
  • 1 d100667a.ess.barracudanetworks.com
  • 1 d100667b.ess.barracudanetworks.com

Email authentication strong

SPF
v=spf1 mx a ip4:208.85.196.99/29 include:spf.protection.outlook.com include:spf.ess.barracudanetworks.com ~all
softfail (~all)
DMARC
v=DMARC1; p=reject; fo=1; rua= mailto:rua+michiganair.com@dmarc.barracudanetworks.com, mailto:dmarc@t503zcuw.uriports.com; ruf=mailto:ruf+michiganair.com@dmarc.barracudanetworks.com
policy: reject (enforced)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv455Bd2o97sdp75SV/ovQ2K18zTenxZzR3afTF7QCZFqBiOCrryu8+nJK/Z7qgOdBo30jrwcb6BKTa…
  • selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuqpzjZDclmD325ZIy6EInyw4luefh1ldCOfTvKIO+VpNeQKJ0qbZZL7Q+AES2minLO/w5Xserc0En…
selectors probed

Certificate (current)

Go Daddy Secure Certificate Authority - G2
from 2026-01-07 to 2027-02-08
Expires in 264 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.michiganair.com/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.callrail.com connect.facebook.net use.typekit.net www.google.com www.googletagmanager.com www.gstatic.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.com *.doubleclick.net; font-src 'self' data: fonts.gstatic.com use.typekit.net; frame-src 'self' about:blank *.google.com; img-src 'self' data: connect.facebook.net p.typekit.net www.facebook.com www.googletagmanager.com *.google.com *.doubleclick.net; manifest-src 'self'; media-src 'self'; worker-src 'none';

Links to (6)

Linked from (1)