runreg.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-17 · ok HTTP/1.1 200 5742 ms crawled 2026-05-07

US · 104.18.26.198 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: RunReg.com - online running event registration
Language: en

Open Graph

url: https://www.runreg.com/our-services?orc=1
title: RunReg - online running event registration
site name: RunReg.com

Technology

CDN: Cloudflare

Fonts

Font Awesome
Google Fonts

Third-party hosts loaded (8)

d2i2wahzwrm1n5.cloudfront.net×15
fonts.googleapis.com×4
ajax.aspnetcdn.com×2
ajax.googleapis.com×2
code.jquery.com×1
fonts.gstatic.com×1
use.fontawesome.com×1
www.google.com×1

Registration

Registrar

Cloudflare, Inc.

Created

2000-10-04

Expires

2026-10-04 137 days left

Updated

2025-09-04

Name servers

ram.ns.cloudflare.com
rosa.ns.cloudflare.com

DNS records live

NS

ram.ns.cloudflare.com
rosa.ns.cloudflare.com

MX

10 aspmx.l.google.com
20 alt1.aspmx.l.google.com
30 alt2.aspmx.l.google.com
40 aspmx2.googlemail.com
50 aspmx3.googlemail.com

TXT

google-site-verification=m8MeGfyWVzal7utorMYUyZj_sCYkTwxZ8L0ho5hDrI4
21ms1sikf5k0ff8o1fgkcjqs8
google-site-verification=UuBOQjxL01JKJlB05q-Zz7GPHn2Z_vEgaeIRihd8u3Y

Email authentication strong

SPF

v=spf1 include:amazonses.com include:_spf.google.com ~all

softfail (~all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@runreg.com

policy: quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi29cu7WUIJNAcfI33ks+VZM5KmLMosFcats9leAoIUB0cXtIWgLIha5aPJQMsKJztJLIunnmxmjfdJ…

selectors probed

Certificate (current)

WE1

from 2026-03-17 to 2026-06-15

Expires in 27 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://www.runreg.com/?orc=1

present

strict-transport-security
content-security-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: default-src 'self' *.athletereg.com; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' pay.google.com *.strava-embed.com https://static.cloudflareinsights.com https://www.paypal.com https://songbird.cardinalcommerce.com *.googletagservices.com js-agent.newrelic.com service.force.com *.braintreegateway.com *.fontawesome.com *.g.doubleclick.net *.analytics.google.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hubspot.com *.jquery.com *.moatads.com *.nr-data.net *.salesforceliveagent.com *.twitter.com cdn.amplitude.com cdn.metarouter.io connect.facebook.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsforms.net js.hsleadflows.net outside-header.vercel.app s3.amazonaws.com *.scorecardresearch.com unpkg.com static.client.cardinaltrusted.com ajax.googleapis.com *.protecht-sandbox.io *.protecht.io cdnjs.cloudflare.com
strict-transport-security: max-age=31536000