portlandstreetcar.org

.org crawl

First seen 2026-04-12 · Last seen 2026-05-20 · ok HTTP/1.1 200 6996 ms crawled 2026-05-20

US · 198.251.75.42 · AS8560 IONOS SE

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: Portland Streetcar
Description: Explore Portland in comfort with the Portland Streetcar! Our efficient and eco-friendly streetcars connect you to major neighborhoods and attractions across the city. Enjoy convenient, reliable, and accessible transit options every day.
Language: en

Technology

Server: Apache
Stack: PHP

Analytics

Google Tag Manager

Third-party hosts loaded (4)

d1o0i0v5q5lp8h.cloudfront.net×3
maps.googleapis.com×1
webservices.umoiq.com×1
www.googletagmanager.com×1

Social

Contact

Phone

Registration

Registrar

Tucows Domains Inc.

Created

1999-01-18

Expires

2027-01-18 242 days left

Updated

2026-03-04

Name servers

charles.ns.cloudflare.com
ruth.ns.cloudflare.com

DNS records live

NS

charles.ns.cloudflare.com
ruth.ns.cloudflare.com

MX

0 portlandstreetcar-org.mail.protection.outlook.com

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

from 2026-05-20 to 2026-08-18

Expires in 89 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://portlandstreetcar.org/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: form-action 'self' https://*.list-manage.com; frame-ancestors 'none'; upgrade-insecure-requests; default-src 'self'; script-src 'report-sample' 'nonce-YWcyWWZoOGpXWGRDRFNBTTRHc2RMZ0FBQUFZ' 'unsafe-inline' 'strict-dynamic' https: http:; style-src 'report-sample' 'self' https://ajax.googleapis.com https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src https://ka-p.fontawesome.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://analytics.google.com https://*.elfsight.com https://*.algolianet.com https://*.algolia.net https://cdn.jsdelivr.net 'self'; font-src 'self' data: https://fonts.gstatic.com; child-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://www.google.com; img-src 'self' https://d1o0i0v5q5lp8h.cloudfront.net https://portlandstreetcar.org https://www.google-analytics.com https://www.google.com https://cm.g.double
strict-transport-security: max-age=63072000; includeSubDomains; preload
cross-origin-resource-policy: same-site

Links to (2)

instagram.com×3
twitter.com×3

Linked from (2)

savannahjulian.com×2
oof.studio×1