indexo.dev

mortons.com

.com crawl

First seen 2026-04-30 · Last seen 2026-05-08 · ok HTTP/1.1 200 3091 ms crawled 2026-05-08

US · 151.101.1.75 · AS54113 Fastly, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Morton's The Steakhouse | The Best Steak Anywhere
Description
Enjoy the best steak anywhere at Morton's The Steakhouse. An upscale destination offering steaks, happy hour, fine dining, cocktails and more.
Language
en-US
Canonical
https://www.mortons.com/

Open Graph

url
https://www.mortons.com/
title
Morton's The Steakhouse | The Best Steak Anywhere
site name
Morton's The Steakhouse
description
Enjoy the best steak anywhere at Morton's The Steakhouse. An upscale destination offering steaks, happy hour, fine dining, cocktails and more.

Technology

Analytics
  • Google Tag Manager
Fonts
  • Google Fonts
Third-party hosts loaded (13)
  • images.getbento.com×4
  • theme-assets.getbento.com×4
  • app-assets.getbento.com×3
  • www.googletagmanager.com×2
  • assets-cdn-refresh.getbento.com×1
  • cdnjs.cloudflare.com×1
  • fonts.googleapis.com×1
  • fonts.gstatic.com×1
  • media-cdn.getbento.com×1
  • widgets.resy.com×1
  • wsv3cdn.audioeye.com×1
  • www.google.com×1
  • www.gstatic.com×1

Social

Registration

Registrar
Network Solutions, LLC
Created
1996-06-26
Expires
2027-06-25 401 days left
Updated
2025-01-30
Name servers
  • brad.ns.cloudflare.com
  • khloe.ns.cloudflare.com

DNS records live

NS
  • brad.ns.cloudflare.com
  • khloe.ns.cloudflare.com
MX
  • 10 cluster9.us.messagelabs.com
  • 20 cluster9a.us.messagelabs.com
  • 30 mortons.com.s7a1.psmtp.com
  • 40 mortons.com.s7a2.psmtp.com
TXT
  • google-site-verification=cFaxWz3_9xgnpl2hooI4ZQXt3JUkq9RvMmzpJKiAM-w

Email authentication weak

SPF
not published
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

R13
from 2026-04-24 to 2026-07-23
Expires in 65 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.mortons.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • cross-origin-opener-policy
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
content-security-policy
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' * https://cdn.us.heap-api.com https://heapanalytics.com https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval'; script-src-elem * https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * https://heapanalytics.com https://viewer.threshold360.com blob: data:; style-src 'self' * https://heapanalytics.com https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval' blob:; connect-src 'self' * https://c.us.heap-api.com https://heapanalytics.com https://viewer.threshold360.com wss://viewer.threshold360.com blob:; font-src 'self' * https://heapanalytics.com https://viewer.threshold360.com data:; frame-src 'self' * https://viewer.threshold360.com; worker-src * blob:; media-src * blob: data:; frame-ancestors 'self';
strict-transport-security
max-age=2592000; includeSubDomains
cross-origin-opener-policy
same-origin

Links to (9)

Linked from (1)