indexo.dev

ordway.org

.org crawl

First seen 2026-04-21 · Last seen 2026-05-18 · ok HTTP/1.1 200 1116 ms crawled 2026-05-14

US · 75.2.60.5 · AS16509 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Ordway Center for the Performing Arts
Description
Recognized as one of the U.S.’s leading not-for-profit performing arts centers, the Ordway is home to a wide variety of performances that encompass the finest in Broadway theater, music, dance, and vocal artists in its Music Theater and Concert Hall.
Language
en
Canonical
https://ordway.org/

Open Graph

site name
Ordway

Technology

CDN
Netlify
CMS
Nuxt
Analytics
  • Google Tag Manager
Fonts
  • Adobe Fonts

Third-party hosts loaded (3)

  • cloud.typography.com×4
  • use.typekit.net×4
  • www.googletagmanager.com×1

Social

Contact

Phone
Address
Street Saint Paul, MN 55102

Registration

Registrar
GoDaddy.com, LLC
Created
1995-05-28
Expires
2026-05-27 8 days left
Updated
2025-07-11
Name servers
  • ns21.domaincontrol.com
  • ns22.domaincontrol.com

DNS records live

NS
  • ns21.domaincontrol.com
  • ns22.domaincontrol.com
MX
  • 0 mx-01-us-west-2.prod.hydra.sophos.com
  • 10 mx-02-us-west-2.prod.hydra.sophos.com
TXT
Show 11 TXT records
  • facebook-domain-verification=lhr1rkfcii4x6vae5v3b2vm87shmhx
  • 104.198.14.52
  • google-site-verification=phdtsv4aw1u6ol1kkgu1ajnnfza9vv3omsysbfl
  • k=rsa
  • google-site-verification=eKP5hYjSVUU7CgdbVsU8ZAGO0zBTr0Z4VQFMhgbrhfI
  • jzrs2zbdntljqytpfwm06l203sjcdxsg
  • duo_sso_verification=3FE0vkRrd4WOGzjEiRAge8YDizYp8HShW4cBLM5LfKIDE5l5ZwXFRUOtKokjeBM8
  • yahoo-verification-key=7H4HJUcMcXDDiyssWbuzBs8Dx2tPu8fwRjMdFRSn21Y=
  • atlassian-domain-verification=1vOSsRGTGQLBVXz1ENay5XGL2DGBeavralU7oOz5bXgOns0Za2UoFKgmzezwmAPl
  • cisco-ci-domain-verification=185f376d8c2b626f317e9b94d6702db2cba8f9a352e1434f080cd17b2bdb3a6
  • sophos-domain-verification=02851f566b395c71b648dc4ae3996c3530158015d0d04d9f56849c7657509bc9

Email authentication partial

SPF
v=spf1 ip4:209.237.115.64/27 ip4:74.200.12.0/32 ip4:74.200.12.248/30 ip4:68.178.95.64/27 include:_spf.prod.hydra.sophos.com include:spf.protection.outlook.com include:_spf.psm.knowbe4.com include:_spf.createsend.com include:_spf.audienceview.net -all
strict (-all)
DMARC
v=DMARC1; p=none; fo=0; adkim=r; aspf=r; sp=none; rua=mailto:dmarc_agg@vali.email
policy: none (monitoring only) · sp=none
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTK0h38U6EijtVHvmMce3Dg2P43HuHhvSm0goMu04qJ/ow/yLP+qoUqPhF3YsE1KPvEMcvH76Sw3qCP3LuQ7…
  • selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6WlRQO8p1bQfyoyeYwse1pegZ1CXxcCVQ4Kau67C4rpC9GY4oOVEIlm5DTcj8dyZiMUKYEfqmrOyqm…
  • k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed

Certificate (current)

E8
from 2026-04-30 to 2026-07-29
Expires in 71 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://ordway.org/

present
  • strict-transport-security
  • content-security-policy
  • x-content-type-options
  • referrer-policy
  • cross-origin-opener-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing Permissions Policy
Header values
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
content-security-policy
block-all-mixed-content; upgrade-insecure-requests; base-uri 'self'; default-src 'self'; script-src 'nonce-NdtVnSLOA5Dug5km2UPAwyqJujzdtGZ5' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' https: http: 'report-sample' browser-update.org googleads.g.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net tags.tiqcdn.com; style-src 'report-sample' 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com cdn-images.mailchimp.com p.typekit.net use.typekit.net cloud.typography.com; object-src 'none'; connect-src 'self' blob: data: *.contentful.com createsend.com *.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com kayofthejungle.com *.spotify.com *.taboola.com *.tiktok.com *.tiktokw.us; font-src 'self' data: fonts.gstatic.com use.typekit.net; frame-src 'self' 4380787.fls.doubleclick.net t
strict-transport-security
max-age=31536000
cross-origin-opener-policy
same-origin

Links to (5)

Linked from (5)