tanotofoundation.org — domain check, WHOIS, DNS & reputation

HTML metadata

Title

Home - Tanoto Foundation

Language

en-US

Generator

WordPress 7.0

Canonical

https://www.tanotofoundation.org/

Translations

en

Feeds

Open Graph

url: https://www.tanotofoundation.org/
title: Home - Tanoto Foundation
locale: en_US
site name: Tanoto Foundation

Technology

CMS: WordPress 7.0
jQuery: 3.7.1

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (4)

fonts.googleapis.com×2
unpkg.com×2
app-script.monsido.com×1
www.googletagmanager.com×1

Social

DNS records live

NS

dns1.cscdns.net
dns2.cscdns.net

MX

10 mxa-009cad01.gslb.pphosted.com
20 mxb-009cad01.gslb.pphosted.com

Verified for

Google
Microsoft 365

Email authentication partial

SPF

v=spf1 mx include:spfa.tanotofoundation.org include:spfb.tanotofoundation.org include:spfc.tanotofoundation.org -all

strict (-all)

DMARC

v=DMARC1; p=none; fo=1; rua=mailto:DMARC-Agg@tanotofoundation.org;ruf=mailto:DMARC-Rpt@tanotofoundation.org

policy: none (monitoring only)

DKIM

k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

R13

from 2026-04-20 to 2026-07-19

Expires in 46 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.tanotofoundation.org/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self' gap:; script-src 'self' data: https://ams.wpml.org https://www.tanotofoundation.org *.tanotofoundation.org https://unpkg.com *.twitter.com https://snap.licdn.com https://unpkg.com/swiper/swiper-bundle.min.js https://app-script.monsido.com/v2/monsido-script.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/ https://googleads.g.doubleclick.net/ *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.google.com *.recaptcha.net *.instagram.com *.linkedin.com *.cloudflare.com *.youtube.com *.spotify.com *.jsdelivr.net *.jquery.com 'unsafe-inline' 'unsafe-eval'; frame-src blob: data *.googletagmanager.com *.twitter.com https://td.doubleclick.net/ https://bid.g.doubleclick.net/ *.tanotofoundation.org *.googleadservices.com *.google.com *.recaptcha.net *.linkedin.com *.facebook.com *.instagram.com *.youtube.com *.spotify.com *.jsdelivr.net *.jquery.com 'unsafe-inl
strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains; preload

Links to (2)

youtube.com×1
linkedin.com×1

Linked from (2)

inside-rge.com×1
rgei.com×1