phl.org

HTML metadata

Title: PHL Philadelphia International Airport | PHL.org
Language: en
Generator: Drupal 10 (https://www.drupal.org)
Canonical: http://www.phl.org/

Technology

CDN: Cloudflare
CMS: Drupal

Analytics

Google Tag Manager

Fonts

Adobe Fonts
Google Fonts

Third-party hosts loaded (12)

cdnjs.cloudflare.com×6
cdn.jsdelivr.net×4
code.jquery.com×4
fonts.googleapis.com×2
www.googletagmanager.com×2
cdn.fastcomments.com×1
fonts.gstatic.com×1
phl.wherewefly.com×1
script.crazyegg.com×1
translate.google.com×1
use.typekit.net×1
www.facebook.com×1

Social

Registration

Registrar

Wild West Domains, LLC

Created

1995-12-19

Expires

2026-12-18 212 days left

Updated

2024-06-10

Name servers

leonidas.ns.cloudflare.com
perla.ns.cloudflare.com

DNS records live

NS

leonidas.ns.cloudflare.com
perla.ns.cloudflare.com

MX

0 phl-org.mail.protection.outlook.com

TXT

Show 7 TXT records

ecostruxure-it-verification=1f2c7b78-5a1d-4e89-ab31-f66d9601c8fe
onetrust-domain-verification=2569e888e40b41c098b1a2212c56f895
phldev
MS=ms22368506
apple-domain-verification=sL46Qkzp7aVpSCBe
asv=761cc422448bff0e2eedadf2365c457a
autodesk-domain-verification=ClYje-M-rpp7GLAXEaa5

Email authentication partial

SPF

v=spf1 ip4:192.82.102.0/24 ip4:65.74.169.90 ip4:65.74.169.93 ip4:107.23.133.48 ip4:208.185.229.0/24 ip4:208.185.235.0/24 ip4:148.59.108.0/23 ip4:148.59.106.0/23 ip4:148.59.107.25 ip4:148.59.109.25 ip4:147.160.167.0/26 ip4:23.21.109.197 ip4:23.21.109.212 ip4:149.72.147.186 ip4:167.89.101.239 ip4:168.245.40.44 ip4:142.0.180.120 include:spf.protection.outlook.com include:servers.mcsv.net include:_spf.samanage.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none; ruf=mailto:dmarc@phl.org; rua=mailto:7d9ee28f84cc4f45bfb8aa8cbcafb614@dmarc-reports.cloudflare.net

policy: none (monitoring only)

DKIM

Show 4 DKIM selectors

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOPW+yJXHmSxk4dfEzobdpJBZGc6jZKSyv4KXEI5NA9NFeNxmLFOzvJDbgW/E3QVMkYnizr8DbxQ1RcLrjjT…
k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyep0xLZ8fMI6NAAp8k9F/S7GMfqSryg5fX+M47xf9KUpkNhGarD4LqYcHAXVgAnDAfIXECv9lhAVGeeiJJ…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqZkpuXXDTcIUrOCQObMwHns0SttuNQKtK3aLRk5hoM/0zWZbRA+qsNubCEPmKymGKGwt2WDHAmqCUcI5I…

selectors probed

Certificate (current)

WE1

from 2026-04-21 to 2026-07-20

Expires in 61 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.phl.org/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://*.phl.org https://phl.org http://phl-preprod.eastus2.cloudapp.azure.com https://*.opendns.com; script-src 'self' 'unsafe-inline' https://static.cloudflareinsights.com https://cdn.fastcomments.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://*.crazyegg.com https://api.livereachmedia.com https://code.jquery.com https://cdnjs.cloudflare.com https://translate.googleapis.com https://translate-pa.googleapis.com https://translate.google.com https://cdn.jsdelivr.net https://*.doubleclick.net https://*.googleadservices.com https://connect.facebook.net https://*.phl.org https://phl.org http://phl-preprod.eastus2.cloudapp.azure.com https://*.opendns.com http://*.crazyegg.com http://code.jquery.com https://www.youtube.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net
strict-transport-security: max-age=63072000; includeSubDomains