indexo.dev

norfolksouthern.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 1231 ms crawled 2026-05-19

US · 151.101.3.10 · AS54113 Fastly, Inc.

Reputation 100/100

sector b2b services type homepage

HTML metadata

Title
NS | Norfolk Southern
Description
Since 1827, we've safely moved the goods and materials that keep America rolling. Norfolk Southern operates 24/7 in 22 states with connections across the globe.
Language
en
Canonical
https://www.norfolksouthern.com

Open Graph

url
https://norfolksouthern.com
title
NS
description
Since 1827, we've safely moved the goods and materials that keep America rolling. Norfolk Southern operates 24/7 in 22 states with connections across the globe.

Technology

Analytics
  • Google Tag Manager

Third-party hosts loaded (1)

  • www.googletagmanager.com×1

Social

Contact

Phone
Address
Street NWAtlanta, Georgia 30308

Registration

Registrar
Network Solutions, LLC
Created
2002-03-20
Expires
2029-03-20 1034 days left
Updated
2024-01-20
Name servers
  • ns.above.net
  • ns1.nscorp.com
  • ns12.customer.level3.net
  • ns2.nscorp.com

DNS records live

NS
  • ns.above.net
  • ns1.nscorp.com
  • ns12.customer.level3.net
  • ns2.nscorp.com
  • ns3-pd-ae15-cayman.nwk.nscorp.com
MX
  • 10 mxa-000bbb01.gslb.pphosted.com
  • 10 mxb-000bbb01.gslb.pphosted.com

Email authentication strong

SPF
v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all
softfail (~all)
DMARC
v=DMARC1;p=reject;rua=mailto:dmarc_rua@emaildefense.proofpoint.com;ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com;fo=1;
policy: reject (enforced)
DKIM
no key found at common selectors

Certificate (current)

Sectigo Public Server Authentication CA OV R36
from 2026-03-31 to 2026-10-16
Expires in 148 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://norfolksouthern.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com *.quantummetric.com https://www.google.com/recaptcha *; object-src 'none' ; connect-src *; font-src *; frame-ancestors https://www.youtube.com/; style-src 'self' 'unsafe-inline' https://*.typekit.net https://sslwidgetmaster.investorroom.com/css *; img-src * 'self' data: blob:; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;worker-src blob:; frame-src https://www.youtube.com/embed/ https://www.google.com/recaptcha *; child-src blob:;
strict-transport-security
max-age=31536000;

Links to (12)

Linked from (10)