indexo.dev

pennymac.com

.com crawl

First seen 2026-05-10 · Last seen 2026-05-16 · ok HTTP/1.1 200 3713 ms crawled 2026-05-16

US · 3.18.201.239 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
PENNYMAC - Your Partner in Home Loans & Mortgage Solutions
Description
Discover Pennymac, a top national mortgage lender offering competitive rates and personalized home loan solutions. Apply online or explore refinancing today.
Language
en
Canonical
https://www.pennymac.com/
Feeds

Open Graph

url
https://www.pennymac.com/
title
PENNYMAC - Your Partner in Home Loans & Mortgage Solutions
locale
en_US
site name
Pennymac
description
Discover Pennymac, a top national mortgage lender offering competitive rates and personalized home loan solutions. Apply online or explore refinancing today.

Technology

Server
nginx
Analytics
  • Google Analytics
  • Google Tag Manager
Fonts
  • Google Fonts
Third-party hosts loaded (9)
  • www.googletagmanager.com×3
  • www.google.com×2
  • ajax.googleapis.com×1
  • create.leadid.com×1
  • dev.visualwebsiteoptimizer.com×1
  • fonts.googleapis.com×1
  • fonts.gstatic.com×1
  • www.google-analytics.com×1
  • www.gstatic.com×1

Social

Contact

Phone
Address
rd Party Loan Servicer. Texas office: 5025

Registration

Registrar
Amazon Registrar, Inc.
Created
2007-01-15
Expires
2030-09-23 1588 days left
Updated
2022-12-21
Name servers
  • ns-1189.awsdns-20.org
  • ns-200.awsdns-25.com
  • ns-2027.awsdns-61.co.uk
  • ns-683.awsdns-21.net

DNS records live

NS
  • ns-1189.awsdns-20.org
  • ns-200.awsdns-25.com
  • ns-2027.awsdns-61.co.uk
  • ns-683.awsdns-21.net
MX
  • 10 mx0a-00153b01.pphosted.com
  • 10 mx0b-00153b01.pphosted.com
TXT
Show 12 TXT records
  • asv=019e937c3d537efe1e70b53df6cba665
  • docusign=94cc02fe-194e-4141-a7cb-45112fb0462c
  • eql1up6d7um11fganaqo4ja2ed
  • google-site-verification=7-uiQp8CvRDjzkMZmxFjzPQsYSamqM9HqfpN6ExVL3E
  • google-site-verification=Cp9qs-5i-FZ6cZNRoOgj3nAMeUHAxAvdVjeTWYmLbJw
  • google-site-verification=F_t1oTvYQzkAPU1fvfxAR8mpBaV-WktwEHMiUZ2erfg
  • google-site-verification=V8jK0Y2GALme_6yh3RzftY4vFQSevCUOqwrNHXmk6J8
  • slack-domain-verification=XpdssXwczfgG50PeVGQ441YiifVsP2pfP8HtlJLA
  • _zzaykzi9612zrgp0neywdnpcbeaiulg
  • amazonses:JiXizCyFIOaUhGEpMbAbRUWoCKAmS+eiaeZ/G44A4OU=
  • amazonses:b3R0AnjgkIEcpULasD+eqhG+aNMQZhEBGHvCMwl77xQ=
  • apple-domain-verification=y6SkxNLiRGrIpI3m7amfuIlqqtNPDTtPzi23Lw9FXaA

Email authentication strong

SPF
v=spf1 ip4:208.86.201.241 ip4:67.231.145.92 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com include:spf1.pnmac.com include:spf2.pnmac.com include:amazonses.com include:mail.zendesk.com include:_spf.optimalblue.com include:_spf.atlassian.net ~all
softfail (~all)
DMARC
v=DMARC1;p=reject;pct=100;rua=mailto:dmarc_rua@emaildefense.proofpoint.com;ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com
policy: reject (enforced)
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpndG4UpRIymMLnD/YCfKb9uKjVU24ec+7BUQQAUYNdQVd+VcdAj5mQoHXUewKP2nmY4iiQGLgOE3Y…
selectors probed

Certificate (current)

DigiCert Global G2 TLS RSA SHA256 2020 CA1
from 2025-10-01 to 2026-11-02
Expires in 167 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.pennymac.com/

present
  • strict-transport-security
  • content-security-policy
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-embedder-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
Header values
referrer-policy
no-referrer-when-downgrade
permissions-policy
accelerometer=(*), attribution-reporting=(), autoplay=(*), bluetooth=(), browsing-topics=(), camera=(), captured-surface-control=(), compute-pressure=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), display-capture=(), encrypted-media=(*), fullscreen=(*), geolocation=(*), gyroscope=(*), hid=(self), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(*), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), summarizer=(), usb=(), web-share=(*), window-management=(), xr-spatial-tracking=()
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' blob:; font-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.visualwebsiteoptimizer.com *.vwo.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.googletagmanager.com *.vwo.com *.visualwebsiteoptimizer.com *.google.com; frame-ancestors 'self' *.pennymac.com *.adobe.com *.google.com *.googletagmanager.com *.vwo.com *.visualwebsiteoptimizer.com; frame-src 'self' *.pennymac.com *.youtube.com *.instagram.com *.vimeo.com *.youtube-nocookie.com *.googletagmanager.com *.doubleclick.net *.adsrvr.org *.google.com *.leadid.com *.cloudfront.net *.vwo.com *.visualwebsiteoptimizer.com app.vwo.com *.picflow.com; connect-src 'self' *.reddit.com *.onetrust.com *.google.com *.play.google.com *.googleapis.com *.bing.com *.nr-data.net *.cookielaw.org *.reson8.com *.visualwebsiteoptimizer.com *.pennymac.com *.tealiumapis.com *.doubleclick.net *.tealiumiq.com *.yimg.com *.linkedin.com *.adsrvr.org *.leadid.com *.googleadservices.com *.go
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
same-origin

Links to (9)

Linked from (1)