oreo.com

HTML metadata

Technology

CDN

Cloudflare

CMS

Shopify

Fonts

• Google Fonts

Third-party hosts loaded (5)

• cdn.shopify.com×119
• images.ctfassets.net×42
• fonts.googleapis.com×1
• fonts.gstatic.com×1
• shop.app×1

Registration

Registrar

CSC Corporate Domains, Inc.

Created

1996-12-18

Expires

2026-12-17 211 days left

Updated

2025-12-14

Name servers

• dns1.cscdns.net
• dns2.cscdns.net

DNS records live

NS

• dns1.cscdns.net
• dns2.cscdns.net

MX

• 10 mx1.emailsrvr.com
• 20 mx2.emailsrvr.com

TXT

Show 5 TXT records

• google-site-verification=6Gw4TDMtU4FC6CLS_eK58h-zugYr8sAx9AHLKQhvDCM
• google-site-verification=9Weo8vBjYhHhFJrM_JQEh5KueakDKmbJY6OuvJoVK3o
• google-site-verification=HatPDB_pZzLYsBbrOhhevYA84gHxn1qBvs_Qef7Fhio
• klaviyo-site-verification=U5Rzxm
• osfsitecore-146650-cd.azurewebsites.net

Email authentication strong

SPF

v=spf1 include:emailsrvr.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com

policy: reject (enforced)

DKIM

no key found at common selectors

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.oreo.com/

present

• strict-transport-security
• content-security-policy
• x-frame-options
• x-content-type-options

findings

• CSP allows unsafe inline scripts/styles
• CSP uses wildcard sources
• missing Referrer Policy
• missing Permissions Policy

Links to (2)

• mondelezinternationalfoodservice.com×3
• onetrust.com×3

Linked from (5)

• mondelezawayfromhome.com×3
• mdlzvending.com×3
• snackworks.com×3
• foodservice-snacks-desserts.com×2
• foodpolitics.com×1