orovillemr.com
HTML metadata
Technology
- Server
- nginx
- CMS
- WordPress
- Analytics
-
- Google Tag Manager
- Cookie consent
-
- Osano
- Fonts
-
- Google Fonts
Third-party hosts loaded (20)
- fonts.googleapis.com×3
- htlbid.com×3
- ajax.googleapis.com×2
- applepay.cdn-apple.com×2
- cdn.jsdelivr.net×2
- cdn.parsely.com×2
- cdn.sophi.io×2
- cmp.osano.com×2
- interactives.ap.org×2
- prodmg2.blob.core.windows.net×2
- stats.wp.com×2
- accounts.google.com×1
- cdn.auth0.com×1
- cdn.cityspark.com×1
- cdn.p-n.io×1
- delivery.revcontent.com×1
- fonts.gstatic.com×1
- v0.wordpress.com×1
- wp.me×1
- www.googletagmanager.com×1
Registration
- Registrar
- CSC Corporate Domains, Inc.
- Created
- 1997-10-09
- Expires
- 2026-10-08 142 days left
- Updated
- 2026-03-26
- Name servers
-
- ns-1019.awsdns-63.net
- ns-1220.awsdns-24.org
- ns-1679.awsdns-17.co.uk
- ns-503.awsdns-62.com
DNS records live
- NS
-
- ns-1019.awsdns-63.net
- ns-1220.awsdns-24.org
- ns-1679.awsdns-17.co.uk
- ns-503.awsdns-62.com
- MX
-
- 10 aspmx.l.google.com
- 20 alt1.aspmx.l.google.com
- 20 alt2.aspmx.l.google.com
- 30 aspmx2.googlemail.com
- 30 aspmx3.googlemail.com
- TXT
-
Show 14 TXT records
uhgdoffb73h0e608tfk052nk65uqnitusg0scqhg3ts7mrv2s2rj36ailchom7s11o20nu6uqgo69o3mmibbsavpv6o2hkq39uqhsr49_globalsign-domain-verification=0TyIZcbLmgSwoVohQ9GWaLbZq22eAkpviTlcN7JXo3aslt820givt06ua5qjmkutdm4bcelcm38kqnnjr1sjgc4p47ddvke4257juqqbf3ell52c4bcc435pglobalsign-domain-verification=wdsjy5b1d3sGjlpf2ZSfdpjPcsNrXC_iOKH4GEnR0_google-site-verification=CPCLHgCgjXIzNTXjfrjX_Vp1lZ9gOOwypM2Ll5mrBYUgoogle-site-verification=a4DVA-v6_1KE1zGaOB5cOjZNzXoacmvYhhkDQn0KTDQgoogle-site-verification=pF5m__XduDA9jAH5aFJuxdpoyccn0HtSzDU-5n3ghaYknowbe4-site-verification=90309b4eacebd82470e924deb428c541llib6qvjasng0m5c7562bvdl78
Email authentication weak
- SPF
-
v=spf1 include:_spf.google.com include:amazonses.com ~allsoftfail (~all) - DMARC
- not published
- DKIM
-
- google:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCijfOi/JwWv7Qmq8aTmetlr9af4GEMDVTjPpZibmHpFZrz4sveXpd03Dqh2gNpjcWtp7A22PF7v4aRs2Y7e6… - s1:
k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZ9x1jzUNAcglU3clDtWOoAdsUwJUvxu0VBiyhQDM95789BlhzTisQyg31s7bQxWBgSpIhpKnb1dQBjTGd… - s2:
k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCiERgp4gp/3wYoYqsIJVFRh/6oFTxkRNrlf9nTUuWk7eO977a9GBso8arcAlmoCs+P6T+40f0zrvoFr/B3HQplE…
selectors probed - google:
Certificate (current)
E7
Expires in 31 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing content type protection
- missing Referrer Policy
- missing Permissions Policy
Header values
- content-security-policy
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: *.visualwebsiteoptimizer.com; style-src 'unsafe-inline' https: *.visualwebsiteoptimizer.com app.vwo.com; img-src data: https: blob: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io; font-src data: https:; connect-src https: data: blob: *.visualwebsiteoptimizer.com app.vwo.com; media-src blob: data: https:; object-src https:; child-src https: data: blob: 'self' *.visualwebsiteoptimizer.com app.vwo.com; upgrade-insecure-requests; block-all-mixed-content;- strict-transport-security
max-age=31536000;includeSubdomains