indexo.dev

ontadahealth.com

.com crawl

First seen 2026-04-28 · Last seen 2026-05-18 · ok HTTP/1.1 200 1748 ms crawled 2026-05-06

US · 45.60.73.181 · AS19551 Incapsula Inc

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
Ontada Health
Description
Ontada Health
Language
en

Technology

Server
istio-envoy

Third-party hosts loaded (1)

  • cdnjs.cloudflare.com×2

Registration

Registrar
CSC Corporate Domains, Inc.
Created
2020-04-02
Expires
2027-04-02 317 days left
Updated
2026-03-29
Name servers
  • ep1ns01.mckesson.com
  • ep1ns02.mckesson.net
  • ep1ns03.mckesson.org
  • ep1ns04.mckesson.com
  • ep2ns01.mckesson.com
  • ep2ns02.mckesson.net
  • ep2ns03.mckesson.org

DNS records live

NS
  • ep1ns01.mckesson.com
  • ep1ns02.mckesson.net
  • ep1ns03.mckesson.org
  • ep1ns04.mckesson.com
  • ep2ns01.mckesson.com
  • ep2ns02.mckesson.net
  • ep2ns03.mckesson.org
MX
  • 10 mx0a-0016dd01.pphosted.com
  • 10 mx0b-0016dd01.pphosted.com
TXT
  • ms-domain-verification=9fda318d-ae21-43bc-b2f8-9bc70256465c

Email authentication strong

SPF
v=spf1 include:spf.protection.outlook.com -all
strict (-all)
DMARC
v=DMARC1;p=reject;sp=reject;adkim=r;aspf=r;fo=1;pct=100;rf=afrf;ri=86400;rua=mailto:dmarc_rua@emaildefense.proofpoint.com;ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com
policy: reject (enforced) · sp=reject
DKIM
no key found at common selectors

Certificate (current)

GlobalSign Atlas R3 DV TLS CA 2025 Q4
from 2025-12-05 to 2026-06-03
Expires in 14 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.ontadahealth.com/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src 'none'; script-src 'self' 'unsafe-eval' unpkg.com https://edge.fullstory.com/ ontadahealth.com cdnjs.cloudflare.com https://www.onelink-edge.com/ 'sha256-f1wzhPCR9hIgZAJ4DusoK6+uEGBGCSNcO/XmKa03Fvs=' 'sha256-d+XiDBXqrAQI7R8KVX9uRAtkHJWNmURyG9QF6TM0bz8=' 'sha256-sJcX1AMVlN5IqgRI8YTbQ81exc9VcDzIvfbbyPlqI+k=' 'sha256-e4C1W9Q8zxvTCRghNiwuQWxrF41hUtZuWeEgSwViRWw='; base-uri 'self'; frame-src 'self'; worker-src 'self' blob:; font-src 'self' fonts.gstatic.com global.oktacdn.com; manifest-src 'self'; img-src 'self' global.oktacdn.com developer-portal.ontada.com www.texomashomepage.com blob: data:; object-src 'self' blob:; child-src 'none'; media-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com global.oktacdn.com; connect-src 'self' https://edge.fullstory.com/ cdnjs.cloudflare.com https://www.onelink-edge.com/ api.zippopotam.us browsersl.ist rs.fullstory.com *.dynatrace.com identity.ontadahealth.com interopio.ontada.com g2fhir.mckesson.com stgmcpprod.blob.core.windo

Linked from (1)