playwrightshorizons.org

HTML metadata

Title: Playwrights Horizons
Description: A writer's theater dedicated to the development of contemporary playwrights, and to the production of innovative new work.
Language: en
Generator: Silverstripe CMS

Open Graph

url: https://www.playwrightshorizons.org
title: Home
description: A writer's theater dedicated to the development of contemporary playwrights, and to the production of innovative new work.

Technology

CDN: Amazon CloudFront
Server: nginx

Analytics

Google Tag Manager

Fonts

Adobe Fonts

Third-party hosts loaded (4)

res.cloudinary.com×4
d1qi3fyhpmf2yj.cloudfront.net×2
use.typekit.net×1
www.googletagmanager.com×1

Social

Contact

Email

info@phnyc.org

Phone

212 564 1235

Registration

Registrar

GoDaddy.com, LLC

Created

1999-01-23

Expires

2031-01-23 1709 days left

Updated

2026-01-07

Name servers

kai.ns.cloudflare.com
sreeni.ns.cloudflare.com

DNS records live

NS

kai.ns.cloudflare.com
sreeni.ns.cloudflare.com

MX

10 aspmx.l.google.com
20 alt1.aspmx.l.google.com
30 alt2.aspmx.l.google.com
40 aspmx2.googlemail.com
50 aspmx3.googlemail.com

TXT

google-site-verification=or-RHBgJwZu0e23J0HqFa3SMrgAntbynjoO66E8VcOs
facebook-domain-verification=hsbbxqb0djif2hs349kqh88jgutzjd
google-site-verification=N5RRYkL1nR3x8e3CfHa5PR60wnOR0-RLdTqDhZBeGq4

Email authentication strong

SPF

v=spf1 ip4:100.38.28.155 ip4:74.200.12.0/32 ip4:74.200.12.248/30 include:_spf.google.com include:servers.mcsv.net ~all

softfail (~all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:dmarc@lansend.com; ruf=mailto:dmarc2@lansend.com; fo=1; pct=100

policy: quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCRST4IN/5G+5v1FWzxVg7Xn1wwWl0ivLdmLRpiUvi7PjFPvnokiDnhrlojfbb1jjuxRlszB2MBt93HLT46KD…
k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…

selectors probed

Certificate (current)

Amazon RSA 2048 M04

from 2026-03-22 to 2026-10-06

Expires in 139 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.playwrightshorizons.org/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' d1qi3fyhpmf2yj.cloudfront.net www.youtube.com cdn.plyr.io player.vimeo.com edge.marker.io js-agent.newrelic.com *.googletagmanager.com www.google-analytics.com *.hotjar.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net www.google.com storify.com platform.twitter.com e.issuu.com embedr.flickr.com widgets.flickr.com www.instagram.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' d1qi3fyhpmf2yj.cloudfront.net *.typekit.net cdn.plyr.io *.googletagmanager.com; img-src 'self' d1qi3fyhpmf2yj.cloudfront.net data: res.cloudinary.com i.vimeocdn.com i.ytimg.com googleads.g.doubleclick.net www.google.com www.google-analytics.com www.google.co.uk www.facebook.com *.googletagmanager.com ad.doubleclick.net live.staticflickr.com lh3.googleusercontent.com; object-src 'self' player.soundcloud.com; media-src 'self' tickets.ticketcentral.com; frame-src 'self' open.spotify.com player.vimeo.com www.youtube.com w
strict-transport-security: max-age=2592000; includeSubDomains

Links to (4)

Linked from (2)

ma-yitheatre.org×2
georgestrus.com×1