mmcarnot.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 4818 ms crawled 2026-05-19

US · 45.60.115.95 · AS19551 Incapsula Inc

Reputation 89/100 weak security headers dmarc monitor-only

Classifying

HTML metadata

Title

Home | M&M Carnot

Description

Our vision is to create and develop global refrigeration systems across all industries that are respectful of the environment. We strive to ensure that every client has the option of using natural refrigerants instead of synthetic refrigerants that are harmful to the planet. That’s why we’re committed to eco-friendly refrigerants, including Ammonia, Cascade Ammonia- CO2, and Transcritical CO2.

Language

en-US

Generator

WPML ver:4.9.2.1 stt:1,4;

Canonical

https://mmcarnot.com/

Feeds

M&M Carnot » Feed RSS
M&M Carnot » Comments Feed RSS

Open Graph

url: https://mmcarnot.com/
title: M&M Carnot
locale: en_US
site name: M&M Carnot
description: At M&M Carnot, our mission is to cool the world by providing customers with natural refrigerationsolutions, systems, and controls that are innovative,safe, and sustainable for people and our planet.

Technology

Server: Apache
CMS: WordPress

Cookie consent

TrustArc

Third-party hosts loaded (1)

consent.trustarc.com×3

Social

Contact

Address: , , USA

Registration

Registrar

Abion AB

Created

2021-04-24

Expires

2027-04-24 339 days left

Updated

2026-04-17

Name servers

a.portsdns.se
b.portsdns.net

DNS records

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com include:aspmx.pardot.com include:spf.smtp2go.com ~all

softfail (~all)

DMARC

v=DMARC1;p=none;fo=1;ri=3600;rua=mailto:jci@rua.agari.com;ruf=mailto:jci@ruf.agari.com

policy: none (monitoring only)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBHduJ+qZ6GJgP58ooOC90jq35Lbmut0COcgCmGhHsxoAMBshpjrFPMvLEoR2hP6fh/Z9Seio0mEY6…

selectors probed

Certificate (current)

GlobalSign Atlas R3 DV TLS CA 2025 Q4

from 2026-01-16 to 2026-07-15

Expires in 56 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://mmcarnot.com/

present

content-security-policy
content-security-policy-report-only

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: default-src 'none'; child-src blob:; script-src 'self' 'unsafe-inline' https: 'unsafe-eval' 'nonce-3516d7ad30' 'nonce-a1055c47f4' 'nonce-41e17562dc' 'nonce-4619fd02b8' 'nonce-d9c01b3e3e' 'nonce-e17d5971f3' 'nonce-7f331097ac' 'nonce-672bb7fcbe' 'nonce-142d0f1616' 'nonce-b036def9dd' 'nonce-13fa82eb84' 'strict-dynamic'; base-uri 'self'; connect-src 'self' ws://localhost:35729/livereload http: https:; img-src 'self' www.googletagmanager.com http: https: *.gravatar.com *.pricespider.com/* blob: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' fonts.gstatic.com; media-src 'self' https:; frame-src *.facebook.com *.youtube.com *.trustarc.com; manifest-src 'self';
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report