indexo.dev

savingsbank.com

.com crawl

First seen 2026-04-22 · Last seen 2026-05-18 · ok HTTP/1.1 200 2670 ms crawled 2026-05-15

US · 18.165.122.40 · AS16509 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Savings Bank of Mendocino County
Description
Investing in the Future!
Language
en-US
Generator
WordPress 6.9.4
Canonical
https://www.savingsbank.com/
Feeds

Open Graph

url
https://www.savingsbank.com/
title
Savings Bank of Mendocino County
locale
en_US
site name
Savings Bank of Mendocino County
description
Investing in the Future!

Technology

CDN
Amazon CloudFront
Server
Apache
CMS
WordPress
Analytics
  • Google Tag Manager
Fonts
  • Google Fonts

Third-party hosts loaded (5)

  • secure2.fundsxpress.com×3
  • fonts.googleapis.com×2
  • gmpg.org×1
  • sbmcuca.banking.apiture.com×1
  • www.googletagmanager.com×1

Social

Registration

Registrar
CSC Corporate Domains, Inc.
Created
1995-08-07
Expires
2026-08-06 77 days left
Updated
2025-08-02
Name servers
  • ns-1134.awsdns-13.org
  • ns-1724.awsdns-23.co.uk
  • ns-297.awsdns-37.com
  • ns-848.awsdns-42.net

DNS records live

NS
  • ns-1134.awsdns-13.org
  • ns-1724.awsdns-23.co.uk
  • ns-297.awsdns-37.com
  • ns-848.awsdns-42.net
MX
  • 10 mxa-00525301.gslb.pphosted.com
  • 20 mxb-00525301.gslb.pphosted.com
TXT
Show 4 TXT records
  • fgyl20xygptfp4pdykmb8s0v2r86cqld
  • vmware-cloud-verification-41e3ea26-09af-4485-902b-324db8c4200e
  • 59307013816D836E813AAE75D3781C3D.533A100A58D270757588E2FD928A6C94.sectigo.com
  • KLi+m2bMJ1MzB9MRyiWH/bcwDpht1XT8iyaXQG8tdhdAvcNFXZppUzirJlKsrIO6/nurpB5smAvZBdIJLeMFww==
Verified for
  • DocuSign
  • Google
  • Microsoft 365
  • Yahoo

Email authentication partial

SPF
v=spf1 a:dnsus1.accellion.com a:dnsus2.accellion.com a:monitor.ensenta.com include:gateways.apiture.com include:spf-00525301.pphosted.com ip4:44.214.246.148/32 ~all
softfail (~all)
DMARC
v=DMARC1; p=none; fo=1; rua=mailto:2b38cd97@mxtoolbox.dmarc-report.com; ruf=mailto:2b38cd97@forensics.dmarc-report.com;
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

DigiCert EV RSA CA G2
from 2026-02-05 to 2027-03-09
Expires in 292 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.savingsbank.com/

present
  • strict-transport-security
  • content-security-policy
  • content-security-policy-report-only
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-embedder-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), xr-spatial-tracking=(), gamepad=(), serial=()
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests; frame-ancestors 'self'; frame-src 'self' *.fundsxpress.com *.apiture.com *.google.com *.hrmdirect.com https://newassets.hcaptcha.com; default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.fundsxpress.com *.apiture.com *.google-analytics.com *.googleapis.com *.jsdelivr.net https://www.fdic.gov *.pusher.com https://reports.hrmdirect.com https://js.hcaptcha.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.jsdelivr.net https://reports.hrmdirect.com; font-src 'self' data: *.typekit.net *.jsdelivr.net *.gstatic.com; connect-src 'self' *.googleapis.com *.pusher.com https://www.google-analytics.com; img-src 'self' data: 'unsafe-inline' *.googleapis.com http://www.savingsbank.com *.savingsbank.com d2iiunr5ws5ch1.cloudfront.net https://cdn.jsdelivr.net https://www.googletagmanager.com; report-to https://csp-reports.apiture.com/reports; report-uri https://csp-reports.apiture.com/reports;
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy
unsafe-none
cross-origin-embedder-policy
unsafe-none; report-to='default'
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
upgrade-insecure-requests; frame-ancestors 'self'; frame-src 'self' *.fundsxpress.com *.apiture.com *.google.com *.hrmdirect.com https://newassets.hcaptcha.com; default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.fundsxpress.com *.apiture.com *.google-analytics.com *.googleapis.com *.jsdelivr.net https://www.fdic.gov *.pusher.com https://reports.hrmdirect.com https://js.hcaptcha.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.jsdelivr.net https://reports.hrmdirect.com; font-src 'self' data: *.typekit.net *.jsdelivr.net *.gstatic.com; connect-src 'self' *.googleapis.com *.pusher.com https://www.google-analytics.com; img-src 'self' data: 'unsafe-inline' *.googleapis.com http://www.savingsbank.com *.savingsbank.com d2iiunr5ws5ch1.cloudfront.net https://cdn.jsdelivr.net https://www.googletagmanager.com; report-to https://csp-reports.apiture.com/reports; report-uri https://csp-reports.apiture.com/reports;

Links to (8)

Linked from (3)