indexo.dev

statefairva.org

.org crawl

First seen 2026-06-01 · Last seen 2026-06-02 · ok HTTP/1.1 200 2388 ms crawled 2026-06-02

US · 13.88.18.55 · AS8075 Microsoft Corporation

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
State Fair of Virginia
Description
Celebrate the Best of Virginia
Language
en
Canonical
https://www.statefairva.org

Open Graph

url
https://www.statefairva.org/
title
State Fair of Virginia

Technology

jQuery
1.12.4 known XSS (<3.5)
Analytics
  • Google Tag Manager

Third-party hosts loaded (3)

  • cdn.saffire.com×8
  • www.googletagmanager.com×2
  • www.facebook.com×1

Social

Contact

Phone

DNS records live

NS
  • edns10.ultradns.biz
  • edns10.ultradns.com
  • edns10.ultradns.net
  • edns10.ultradns.org
MX
  • 10 statefairva-org.mail.protection.outlook.com
TXT
  • 74if9etmgnlskedud0tse9rbel
Verified for
  • Adobe
  • Cisco
  • Google
  • Microsoft 365

Email authentication partial

SPF
v=spf1 ip4:65.222.242.94 include:spf.protection.outlook.com include:spf.constantcontact.com include:_spf.saffire.com include:_spf.psm.knowbe4.com -all
strict (-all)
DMARC
v=DMARC1; p=none; rua=mailto:61a671a0ec355@ag.dmarcly.com; ruf=mailto:61a671a0ec355@fo.dmarcly.com; sp=none;
policy: none (monitoring only) · sp=none
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTtBl6v23vKhb+o018cRrSzvryKI1v04aYB6WOfZbTpbb4yS76H5ey0RdJQLVyYXA22BdgLS3acAzxbb64qO…
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEUQhWRy6YAM1xrZLHpuzDMLredDyEeJ5PdR7eunb2k7TnNSyQpVnXhfRg3/4km63q+nZjAV5/Lkb91+I5…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDp/bx/q0bG3D1gRi2FARXDLZB4L6FoxT4QmWeJN8pNH1t8reKdNj2wrFwQijskdl/tG7oMLKonLhVB1rmK1JC4Zk…
selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36
from 2026-05-15 to 2026-11-30
Expires in 179 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.statefairva.org/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;
strict-transport-security
max-age=31536000;

Links to (7)

Linked from (1)