mullvad.net

HTML metadata

Title

Mullvad VPN - Privacy is for the people

Description

Free the internet from mass surveillance and censorship. Fight for privacy with Mullvad VPN and Mullvad Browser.

Language

en

Canonical

https://mullvad.net

Translations

ar
da
de
en
es
fa
fi
fr
it
ja
ko
nl
no
pl
pt
ru
sv
th
tr
uk
zh-hans
zh-hant

Feeds

Atom 0.3 Atom
RSS RSS

Open Graph

url: https://mullvad.net/en
title: Mullvad VPN - Privacy is for the people
site name: Mullvad VPN
description: Free the internet from mass surveillance and censorship. Fight for privacy with Mullvad VPN and Mullvad Browser.

Technology

Server: nginx
CMS: Gatsby

Social

Contact

Email

support@mullvadvpn.net

Phone

53049400 14

Address

Mullvad VPN ABBox 53049400 14 GothenburgSweden

Registration

Registrar

Domeneshop AS dba domainnameshop.com

Created

2008-07-10

Expires

2026-07-10 52 days left

Updated

2025-05-30

Name servers

ns1.mullvaddns.net
ns2.mullvaddns.net
ns3.mullvaddns.net
ns4.mullvaddns.net

DNS records live

NS

ns1.mullvaddns.net
ns2.mullvaddns.net
ns3.mullvaddns.net
ns4.mullvaddns.net

MX

10 aspmx.l.google.com
20 alt1.aspmx.l.google.com
30 alt2.aspmx.l.google.com
40 aspmx2.googlemail.com
50 aspmx3.googlemail.com

TXT

Show 5 TXT records

gradle-verification=54GHA74UUTS2760IGPVSUPJ9LE6I6
atlassian-domain-verification=xOPm1CvufMcUMKi8KR/Q1i69lUU6WBai4zpIFVQcBszhnTja6HPyIsw2jz/1ABSP
google-site-verification=T6j3fHOnwX8sOP55jYtYfVH2J27u9rIY8kM9ApBzBXQ
yandex-verification: f0e9a23691826011
bunny:303437

Email authentication strong

SPF: v=spf1 ip4:193.138.218.78 ip4:193.138.218.77 ip4:193.138.218.76 ip4:193.138.218.75 ip4:185.213.154.79 ip4:45.129.56.122 ip4:45.83.222.71 ip4:45.83.222.80 ip4:45.129.56.118 include:_spf.google.com -all
strict (-all)
DMARC: v=DMARC1; p=reject; rua=mailto:azrlj0xm@ag.eu.dmarcian.com, mailto:dmarc@mullvad.net; ruf=mailto:azrlj0xm@fr.eu.dmarcian.com, mailto:dmarcforensics@mullvad.net; rf=afrf; sp=reject; fo=1; pct=100; ri=86400; adkim=s; aspf=s
policy: reject (enforced) · sp=reject
DKIM: no key found at common selectors

Certificate (current)

E7

from 2026-04-20 to 2026-07-19

Expires in 61 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://mullvad.net/en

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: same-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; frame-src https://js.stripe.com https://newassets.hcaptcha.com https://www.paypal.com; font-src 'self' data:; img-src 'self' data: https://www.paypalobjects.com https://media.mullvad.net; media-src 'self' https://media.mullvad.net; object-src 'none'; script-src 'self' https://js.stripe.com https://js.hcaptcha.com https://newassets.hcaptcha.com https://www.paypal.com 'unsafe-hashes' 'sha256-7dQwUgLau1NFCCGjfn9FsYptB6ZtWxJin6VohGIu20I=' 'nonce-Zr6UuF1JiKiZUi9vi1n9aA=='; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'none'; connect-src 'self' https://*.mullvad.net
strict-transport-security: max-age=63072000; includeSubDomains; preload
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin