philadelphiafed.org
philadelphiafed.org
HTML metadata
Technology
- CDN
- Akamai
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (1)
- www.googletagmanager.com×1
Social
Contact
- Phone
- Address
- Ten Independence MallPhiladelphia, PA 19106(215) 574-6000
Registration
- Registrar
- GoDaddy.com, LLC
- Created
- 2003-11-20
- Expires
- 2026-11-20 184 days left
- Updated
- 2026-01-04
- Name servers
-
- pdns108.ultradns.org
- pdns108.ultradns.biz
- pdns108.ultradns.com
- pdns108.ultradns.net
- ns60.ultradns2.org
- ns60.ultradns2.com
DNS records live
- NS
-
- ns60.ultradns2.com
- ns60.ultradns2.org
- pdns108.ultradns.biz
- pdns108.ultradns.com
- pdns108.ultradns.net
- pdns108.ultradns.org
- MX
-
- 10 mx1.frb.iphmx.com
- 10 mx2.frb.iphmx.com
- TXT
-
Show 6 TXT records
CS0007469MS=ms66225712_ewmmdmi2ekoz44wa7ffgrjbu4faewry_yhazly0junwf96fnth7lfw56rgk11vvRW20NtAErQGNilzjjA7Ti0932TU:FBD4-562A-2E00-D012-8DAD-9CD5-0612-44D3_pki-validation.philadelphiafed.org 5B56-9C03-0387-FFC8-833A-2C25-C603-5687
Email authentication strong
- SPF
-
v=spf1 ip4:199.169.200.4 ip4:199.169.204.4 ip4:199.169.240.69 ip4:199.169.208.69 exists:%{i}.spf.frb.iphmx.com include:spf.protection.outlook.com include:e2ma.net ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=reject; rua=mailto:dmarcreporting@frb.orgpolicy: reject (enforced) - DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 41 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
Header values
- referrer-policy
strict-origin-when-cross-origin- permissions-policy
accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), hid=(), idle-detection=(), interest-cohort=(), serial=()- x-content-type-options
nosniff- content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://public.tableau.com/ https://code.jquery.com/ https://www.ssa.gov https://*.tile.openstreetmap.org https://tiles.stadiamaps.com https://*.clarity.ms; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com/bootstrap/ https://code.jquery.com/ https://www.ssa.gov https://cdn.jsdelivr.net; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; frame-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://public.tableau.com https://policymap.com/ https://www.policymap.com/ https://*.jquery.com/ https://export.highcharts.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/ https://www.googletagmanager.com https://public.tableau.com/ https://www.ssa.gov https://ajax.googleapis.com https://www- strict-transport-security
max-age=31536000 ; includeSubDomains- cross-origin-resource-policy
same-origin