paypal-status.com
HTML metadata
Technology
- Server
- nginx
Third-party hosts loaded (1)
- www.paypalobjects.com×3
Registration
- Registrar
- MarkMonitor Inc.
- Created
- 2016-10-19
- Expires
- 2026-10-19 152 days left
- Updated
- 2026-02-05
- Name servers
-
- ns1-pchnet.paypal.com
- ns2-pchnet.paypal.com
- pdns100.ultradns.com
- pdns100.ultradns.net
DNS records live
- NS
-
- ns1-pchnet.paypal.com
- ns2-pchnet.paypal.com
- pdns100.ultradns.com
- pdns100.ultradns.net
- MX
-
- 10 mx1.paypalcorp.com
- 10 mx2.paypalcorp.com
- TXT
-
v=spf1 -all
Certificate (current)
DigiCert EV RSA CA G2
Expires in 21 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalcorp.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://*.paypalobjects.com https://*.paypal.com https://*.doubleclick.net https://*.google-analytics.com https://*.qualtrics.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypalobjects.com; media-src 'self' https://*.paypalobjects.com https://*.paypal.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com https://*.qualtrics.com- strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000