indexo.dev

nfcacf.org

.org crawl

First seen 2026-04-14 · Last seen 2026-05-06 · ok HTTP/1.1 200 3901 ms crawled 2026-05-08

BA · 45.156.248.29 · AS200698 Globalhost d.o.o.

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
Home - NFCACF
Description
A nonprofit Croatian American organization established to foster public change for the Croatian diaspora, and provide a positive outlook about Croatia through
Language
en-US
Generator
Powered by WPBakery Page Builder - drag and drop page builder for WordPress.
Canonical
https://nfcacf.org/
Feeds

Open Graph

url
https://nfcacf.org/
title
Home - NFCACF
locale
en_US
site name
NFCACF
description
A nonprofit Croatian American organization established to foster public change for the Croatian diaspora, and provide a positive outlook about Croatia through
updated time
2026-05-06T12:20:55+00:00

Technology

Server
Apache
CMS
WordPress
Fonts
  • Google Fonts

Third-party hosts loaded (5)

  • fonts.googleapis.com×3
  • fonts.bunny.net×2
  • static.addtoany.com×2
  • gmpg.org×1
  • www.google.com×1

Social

Registration

Registrar
Bluehost Inc.
Created
2011-06-08
Expires
2026-06-08 20 days left
Updated
2025-05-29
Name servers
  • ns1.galopdigital.com
  • ns2.galopdigital.com

DNS records live

NS
  • ns1.galopdigital.com
  • ns2.galopdigital.com
MX
  • 0 nfcacf.org

Email authentication strong

SPF
v=spf1 +a +mx +ip4:45.156.248.0/24 +ip4:185.164.34.17 +ip4:185.164.34.18 ~all
softfail (~all)
DMARC
v=DMARC1;p=quarantine;sp=none;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400;rua=mailto:admin@nfcacf.org;ruf=mailto:admin@nfcacf.org
policy: quarantine · sp=none
DKIM
  • default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4l4jCbSWvK1NHxmZK4MOiMOrR9l7/IheSroextV6Iwortet91StCzb0/B71p9pl7zG00O1DPh0Sa+5…
selectors probed

Certificate (current)

R13
from 2026-05-08 to 2026-08-06
Expires in 79 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://nfcacf.org/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://*.list-manage.com/ https://*.addtoany.com/; img-src 'self' data: blob: https://www.paypalobjects.com/; object-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/; frame-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/;

Links to (7)

Linked from (1)