mlssoccer.com

HTML metadata

Title: MLSsoccer.com - The Official Site of Major League Soccer
Description: All the latest MLS news, scores, stats, standings and highlights. Plus special coverage of US Soccer and Canada Soccer.
Language: en
Canonical: https://www.mlssoccer.com/

Open Graph

url: https://www.mlssoccer.com/
title: mlssoccer
locale: en-US
site name: mlssoccer
description: All the latest MLS news, scores, stats, standings and highlights. Plus special coverage of US Soccer and Canada Soccer.

Technology

CMS: Gatsby

Ads

Google Ads (DoubleClick)
Meta Pixel

Third-party hosts loaded (8)

res.cloudinary.com×2
storage.googleapis.com×2
connect.facebook.net×1
cookie-cdn.cookiepro.com×1
fevo-enterprise.com×1
offer.fevo.com×1
securepubads.g.doubleclick.net×1
static.srcspot.com×1

Social

Registration

Registrar

CSC Corporate Domains, Inc.

Created

2001-05-20

Expires

2026-10-05 138 days left

Updated

2025-09-30

Name servers

pdns1.ultradns.net
pdns2.ultradns.net
pdns3.ultradns.org
pdns4.ultradns.org
pdns5.ultradns.info
pdns6.ultradns.co.uk

DNS records live

NS

ns48.ultradns2.com
ns48.ultradns2.org
pdns1.ultradns.net
pdns2.ultradns.net
pdns3.ultradns.org
pdns4.ultradns.org
pdns5.ultradns.info
pdns6.ultradns.co.uk

MX

5 mxa-0022f401.gslb.pphosted.com
5 mxb-0022f401.gslb.pphosted.com

TXT

Show 22 TXT records

MS=ms10548574
_ka7e18ivgpy91cat97xnsuf3r89pp6t
openai-domain-verification=dv-J3jEki7zAVoFGRXVXRiTy6zq
google-site-verification=jmUduz1N1Dp9Rqy1zY-ygFuXAyBAH0u2qIbOOmXof3E
canva-site-verification=EdgyCoqd66186LlN2Od0Vw
google-site-verification=vjJ65UzWPDYz1CPZuGbY-4lkLd3FaOiO__OMtu1l0oo
adobe-idp-site-verification=bf8d5bb2-cd1f-4a58-ab0b-8dc3d607cf02
google-site-verification=N4oCKIH-3U431xQd78fcbLmNeB33MzTLkx9AxG1RKbI
facebook-domain-verification=4rqytt15kr767wn59dtiu1vkhvy47y
atlassian-domain-verification=cPoDAGn9o0XBCm10W/LHA7bJ1FZMyLjdLp4/FGOhy9c4VIgd6MxyipYjHN7Y/2VR
_f48wbqa8pic2fscbdujn3ygpb43ebit
apple-domain-verification=HYPwPV3S77HNqrf8
Apj7CmPRMC4kinUDJB1+ywb+7vuCc/Rbexk78f9vNsZ+ZYuk27axckTFF/hwK/8x/hkPGUwv+SYYIbk2hUh/hA==
_globalsign-domain-verification=DBaIfP_mntvf7lhLDafxaeavgGPwZT7YLPqIT6OfPA
google-site-verification=kDKGha8yk3_fc2BRsZ81UsRildm6EeHt3x9n0hyUsbk
docusign=85ba1125-c96b-4491-a258-84a7ce458b56
google-site-verification=HDfExAwa6yj-UBgehZytLipNbX87eKAoOcRAV83AIns
logmein-verification-code=mtGyREfxsKcVhGmbd41H8lIRt
fq67c02b9u8hparkt4rd3o2sm6
onetrust-domain-verification=2b5873ba4464499eb4bfab7b8f2a0b24
google-site-verification=Vwsz7P4B24J9CtxYNmB3jfa7H841eLjgA8o1mDf2EyI
slack-domain-verification=Jsd2ViFxi7NUB9Xshel9CVOEyguxjDYRckzrS2nP

Email authentication strong

SPF

v=spf1 include:_s00952077.autospf.email -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:61019154017e856@rep.dmarcanalyzer.com,mailto:mlsemailsecurity@mlssoccer.com; ruf=mailto:61019154017e856@for.dmarcanalyzer.com,mailto:mlsemailsecurity@mlssoccer.com; fo=1;

policy: reject (enforced)

DKIM

Show 4 DKIM selectors

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCo/J62JObn1vqkszcrXBQP9QB+LRZZDFLp+OCWA1XS3UV3aFn2SajmORl66HJB6YqeesolAMS953GreAQ3OA…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4zYeXOuEhYH8hptQ0sa4ez0gtGuH2FzlddTiSIb3Qdlw3pqfZ/L8+2SPcSwT5kkUi8CzG8wmrHJRW2Pt6O…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWtpKOB9pvtgV80mL/xl11erpoKL2KHKz6rDCAyXxjaH1wDTLahR/ycBwje+iQOg8GjC2B8qM8JXONWSSZ85aJ9+…
smtpapi: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76…

selectors probed

Certificate (current)

R13

from 2026-05-13 to 2026-08-11

Expires in 84 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://www.mlssoccer.com/

present

strict-transport-security
content-security-policy
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-content-type-options: nosniff
content-security-policy: default-src blob: * 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline';
strict-transport-security: max-age=15768000 ; includeSubDomains