indexo.dev

paccarfinancial.com

.com crawl

First seen 2026-04-13 · Last seen 2026-05-19 · ok HTTP/1.1 200 925 ms crawled 2026-05-06

US · 13.248.147.171 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
PACCAR Financial
Language
en-US

Open Graph

url
https://paccarfinancial.com/
title
Home
locale
en_US
site name
PACCAR Financial
locale:alternate
fr_CA

Technology

Server
Microsoft-IIS
Analytics
  • Google Tag Manager
Cookie consent
  • Cookiebot

Third-party hosts loaded (3)

  • www.googletagmanager.com×2
  • consent.cookiebot.com×1
  • opensource.org×1

Registration

Registrar
MarkMonitor Inc.
Created
1999-10-12
Expires
2026-10-12 144 days left
Updated
2025-09-10
Name servers
  • ha1.markmonitor.zone
  • ha2.markmonitor.zone
  • ha3.markmonitor.zone
  • ha4.markmonitor.zone

DNS records live

NS
  • ha1.markmonitor.zone
  • ha2.markmonitor.zone
  • ha3.markmonitor.zone
  • ha4.markmonitor.zone
Verified for
  • Microsoft 365

Email authentication no MX

SPF
v=spf1 include:%{d}.a1.spf-protect.agari.com exists:%{i}._i.%{d}._d.espf.agari.com -all
strict (-all)
DMARC
v=DMARC1; p=reject; fo=1; ri=3600; rua=mailto:paccar@rua.agari.com; ruf=mailto:paccar@ruf.agari.com
policy: reject (enforced)
DKIM
  • selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3sisR2LtIRA2NNfwIdgeOgn4RRCqn7Et0yDw5hPxYb85eEcKppk0SKv9JG2Gi2TDMN5Fvh4q/e1fAE…
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+pM/owuuvwMKEGmaBqkt76QE0ddZfBHUaC2DLy2jAjOEHvNhn9OAy3WPd16dWdHsJcII/ZXV5X2M0tJI4N…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0n8ozQrD81+mEWX1edF+rljm22YKfXjMEGmvke4QkNm8WfCscpYQvozsRQgjphe6MIdq5ACoAwSXzcX6yi9nvV2…
selectors probed

Certificate (current)

Sectigo Public Server Authentication CA OV R36
from 2025-09-10 to 2026-09-11
Expires in 113 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://paccarfinancial.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • weak frame protection
  • weak content type protection
  • missing Permissions Policy
Header values
referrer-policy
no-referrer, strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN, SAMEORIGIN
x-content-type-options
nosniff, nosniff
content-security-policy
default-src 'self';script-src 'self' *.googletagmanager.com *.google.com *.gstatic.com *.cookiebot.com 'unsafe-eval' 'unsafe-inline';style-src 'self' *.typekit.net 'unsafe-inline';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.cookiebot.com;font-src 'self' *.typekit.net;form-action 'self';img-src 'self' data: dashboard.umbraco.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com;object-src 'none';frame-ancestors 'none';frame-src 'self' player.vimeo.com www.google.com *.cookiebot.com
strict-transport-security
max-age=2592000; includeSubDomains; preload, max-age=31536000;

Links to (5)

Linked from (4)