ntu.org

.org crawl

First seen 2026-04-13 · Last seen 2026-05-14 · ok HTTP/1.1 200 3987 ms crawled 2026-05-07

US · 74.217.243.83 · AS10913 Unitas Global

Reputation 84/100 permissive spf dmarc monitor-only

sector nonprofit type homepage

HTML metadata

Title: National Taxpayers Union
Description: The Voice of America's Taxpayers.
Language: en
Canonical: https://www.ntu.org

Open Graph

url: https://www.ntu.org
title: National Taxpayers Union
site name: National Taxpayers Union
description: The Voice of America's Taxpayers.

Technology

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

Contact

Email

Phone

7036835700

Address

Street NWSuite 700Washington, DC 20001

Registration

Registrar

Network Solutions, LLC

Created

1995-10-20

Expires

2030-10-19 1614 days left

Updated

2025-08-27

Name servers

ns1.lexi.net
ns2.lexi.net

DNS records live

NS

ns1.lexi.net
ns2.lexi.net

MX

1 smtp.google.com
20 aspmx.l.google.com

TXT

Show 4 TXT records

ppe-532a345a1a2c514786a3
google-site-verification=0Dnby8xCy2vPsvlH_Cy47iGcSrjUzusyefcsxJuRyNc
google-site-verification=kj7P9SHBO-8K-xZ_DQawB2MrT7ST_v8jkLVv4bLQR3M
google-site-verification=1vCEcF-Ao_xHHoaVlkftytPpDoDtW2e-OzqvIgPy4As

Email authentication partial

SPF

v=spf1 include:outboundmail.convio.net include:eresources.ws include:8131947.spf08.hubspotemail.net include:_spf.google.com include:servers.mcsv.net include:_spf.salesforce.com a:dispatch-us.ppe-hosted.com~all

permissive (+all) — anyone can send as this domain

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEVXcOPajuPza/93qnwcNt3dSVFGTsyPcvEWNxPqHfTlenvlZnTnAgBTaN2hm7LwQq8WPnTMBSbUke…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

R12

from 2026-03-27 to 2026-06-25

Expires in 37 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.ntu.org/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
weak content type protection
missing Permissions Policy

Header values

referrer-policy: no-referrer,no-referrer-when-downgrade,origin,origin-when-cross-origin,same-origin,strict-origin,strict-origin-when-cross-origin,unsafe-url, strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
content-security-policy: script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://*.sharethis.com/ https://p2a.co/ *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.hs-banner.com *.facebook.net *.google-analytics.com *.google.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://p2a.co/js/embed/widget/advocacywidget.min.js https://*.google.com https://www.googletagmanager.com/ https://svc.webspellchecker.net/ https://loader.webspellchecker.net/ https://connect.facebook.net/ https://www.google-analytics.com/ https://*.sharethis.com/ https://e.infogr.am/; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.google.com https://fonts.googleapis.com/ http://fonts.googleapis.com/ https://svc.webspellchecker.net/ https://*.sharethis.com/; object-src 'self' https://playlist.podbean.com; frame-ancestors 'self' https://www.googletagmanager.com/
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains