indexo.dev

officialpayments.com

.com crawl

First seen 2026-04-18 · Last seen 2026-05-18 · ok HTTP/1.1 200 5318 ms crawled 2026-05-12

DE · 23.51.112.68 · AS16625 Akamai Technologies, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
ACI Payments, Inc. - Pay Taxes, Utility Bills, Tuition & More Online
Description
Pay your income tax, property tax, college tuition, utility and other bills online with a credit card, debit card or other convenient option.

Technology

CDN
Akamai
Analytics
  • Google Tag Manager
Ads
  • Google Ads (DoubleClick)

Third-party hosts loaded (3)

  • ad.doubleclick.net×1
  • privacy-policy.truste.com×1
  • www.googletagmanager.com×1

Registration

Registrar
MarkMonitor Inc.
Created
1999-10-04
Expires
2027-10-04 503 days left
Updated
2025-12-03
Name servers
  • a1-72.akam.net
  • a13-67.akam.net

DNS records live

NS
  • a1-72.akam.net
  • a13-67.akam.net
MX
  • 0 officialpayments-com.mail.protection.outlook.com
TXT
Show 5 TXT records
  • _ttn8b75yx28xwtl65qmhqv19vioudhm
  • MS=ms41680447
  • identrust_validate=FmMfQP/swSU++uKIEti8BXjFzuoAII+MXao4DGR0zv0g
  • MS=ms96494094
  • google-site-verification=vq6oVrD_-y_-pfVqMcKHSq3yeXXhVIODNebxNgD838U

Email authentication weak

SPF
v=spf1 include:spf.protection.outlook.com include:spf.messagelabs.com ip4:216.82.241.131 ip4:216.82.251.230 ip4:199.189.232.25 ip4:139.131.76.85 ip4:139.131.76.33 ip4:199.189.234.225 ~all
softfail (~all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

DigiCert Global G3 TLS ECC SHA384 2020 CA1
from 2025-09-26 to 2026-09-29
Expires in 133 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.officialpayments.com/index.jsp

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
no-referrer, strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com http://flex.msn.com http://www.googleadservices.com https://seal.digicert.com https://seal.verisign.com https://www.google.com https://www.googleadservices.com https://app-ab16.marketo.com https://www.gstatic.com https://www.googletagmanager.com https://s.go-mpulse.net https://googleads.g.doubleclick.net; connect-src 'self' 'unsafe-inline' http://localhost:9002 https://magtek.acipayonline.com:9002 *.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://www.officialpayments.com https://www.google.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://privacy-policy.truste.com https://seal.digicert.com *.google-analytics.com https://app-ab16.marketo.com; frame-src 'self' 'unsafe-inline' https://www.google.com https://app-ab16.marketo.com; style-src 'self' 'unsafe-inline' https://app-ab16.marke
strict-transport-security
max-age=31536000 ; preload

Links to (3)

Linked from (3)