ontarioplace.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-06 · ok HTTP/1.1 200 5570 ms crawled 2026-05-08

CA · 148.113.200.80 · AS16276 OVH SAS

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title: Ontario Place - Home
Description: It’s ON at Ontario Place! Come explore this iconic waterfront location. Hours of operations are 6am – 11pm daily.
Language: en
Generator: WordPress 6.9.4
Canonical: https://ontarioplace.com/en/

Open Graph

url: https://ontarioplace.com/en/
title: Home
description: It’s ON at Ontario Place! Come explore this iconic waterfront location. Hours of operations are 6am – 11pm daily.

Technology

Server: Apache
CMS: WordPress

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (5)

ajax.googleapis.com×2
fonts.googleapis.com×2
www.googletagmanager.com×2
fonts.gstatic.com×1
www.facebook.com×1

Social

Contact

Phone

//416-314-9900

Registration

Registrar

easyDNS Technologies Inc.

Created

1995-03-03

Expires

2027-03-04 287 days left

Updated

2024-04-08

Name servers

edns2.gov.on.ca
edns3.gov.on.ca
edns4.gov.on.ca

DNS records live

NS

edns2.gov.on.ca
edns3.gov.on.ca
edns4.gov.on.ca

MX

0 ontarioplace-com.mail.protection.outlook.com

TXT

3ekgv94m4847u9i1bgq8c4p8f8
MS=5897A3056E0E396FF5F43020387FCA2FD2E28610

Verified for

Google
Microsoft 365

Email authentication weak

SPF

v=spf1 mx a ip4:67.71.247.162 include:servers.mcsv.net include:spf.protection.outlook.com -all

strict (-all)

DMARC

not published

DKIM

k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…

selectors probed

Certificate (current)

R13

from 2026-03-11 to 2026-06-09

Expires in 19 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://ontarioplace.com/en/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: no-referrer, strict-origin-when-cross-origin
x-frame-options: DENY
permissions-policy: geolocation=(self "https://ontarioplace.com"), microphone=(self "https://ontarioplace.com")
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.youtube.com youtube.com www.facebook.com facebook.com player.vimeo.com *.vimeocdn.com www.google-analytics.com *.typekit.net stats.g.doubleclick.net data: 'unsafe-eval' 'unsafe-inline' blob: ; worker-src data: 'unsafe-eval' 'unsafe-inline' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com ajax.aspnetcdn.com cdnjs.cloudflare.com *.facebook.net *.typekit.net *.googleapis.com ajax.googleapis.com s3.amazonaws.com/downloads.mailchimp.com/ *.list-manage.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com *.typekit.net *.bootstrapcdn.com cdn.jsdelivr.net *.mailchimp.com stackpath.bootstrapcdn.com ajax.aspnetcdn.com ajax.googleapis.com stats.g.doubleclick.net *.wpengine.com code.jquery.com; connect-src 'self' *.facebook.com *.facebook.com/tr/ analyti
strict-transport-security: max-age=63072000; includeSubdomains; preload

Links to (6)

Linked from (1)

lumos-project.xyz×2