sandiegounified.org
HTML metadata
Technology
- CDN
- Cloudflare
- CMS
- Joomla
- Analytics
-
- Cloudflare Insights
- Google Tag Manager
- Social widgets
-
- Twitter Widget
- YouTube Embed
Third-party hosts loaded (13)
- cdnsm5-ss18.sharpschool.com×35
- cdnsm1-ssradscript.sharpschool.com×14
- cdnsm2-ss18.sharpschool.com×10
- cdnsm1-ss18.sharpschool.com×6
- cdnsm4-ss18.sharpschool.com×4
- cdnjs.cloudflare.com×2
- cdn.jsdelivr.net×1
- cdnsm1-sstemplatefonts.sharpschool.com×1
- platform.twitter.com×1
- static.cloudflareinsights.com×1
- www.googletagmanager.com×1
- www.instagram.com×1
- www.youtube.com×1
Social
Contact
- Phone
DNS records live
- NS
-
- ns55.domaincontrol.com
- ns56.domaincontrol.com
- MX
-
- 10 usb-smtp-inbound-1.mimecast.com
- 10 usb-smtp-inbound-2.mimecast.com
- 50 sandiegounified-org.mail.protection.outlook.com
Email authentication partial
- SPF
-
v=spf1 include:sandi.net -allstrict (-all) - DMARC
-
v=DMARC1; p=none; rua=mailto:survey@sandiegounified.orgpolicy: none (monitoring only) - DKIM
- no key found at common selectors
Certificate (current)
WR1
Expires in 61 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- permissions-policy
fullscreen=(self "https://youtube.com/" "https://www.youtube.com/" "https://youtu.be/")- x-content-type-options
nosniff- content-security-policy
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self';- strict-transport-security
max-age=31536000; includeSubDomains