tcoe.org

HTML metadata

Title: TCOE | Home
Language: en
Generator: Sitefinity 15.4.8626.0 DX
Canonical: https://tcoe.org

Open Graph

url: https://tcoe.org
title: TCOE | Home
site name: Tulare County Office of Education

Technology

Fonts

Google Fonts

Third-party hosts loaded (2)

fonts.googleapis.com×1
fonts.gstatic.com×1

Social

Contact

Phone

Registration

Registrar

GoDaddy.com, LLC

Created

1997-09-06

Expires

2027-09-05 474 days left

Updated

2025-07-06

Name servers

ns3-06.azure-dns.org
ns1-06.azure-dns.com
ns2-06.azure-dns.net
ns4-06.azure-dns.info

DNS records live

NS

ns1-06.azure-dns.com
ns2-06.azure-dns.net
ns3-06.azure-dns.org
ns4-06.azure-dns.info

MX

0 tcoe-org.mail.protection.outlook.com

TXT

Show 10 TXT records

brevo-code:02ccf6ed85adb0f8eae1ca767f98aa40
calendly-site-verification=trDkDNLlA6xJa49cw9LJXx4X5eBuOoWzW19g5S7mW
_woiruafa2dc0e20sj75v0gwackk3oma
MS=ms47950354
m1of6tvXUk944EsNuDSDJ9SfN4m6jPUs/0HAdNoUF4J25DMKrGWcYBTzVlfEe+nykMwz0WY9Gvr6eeDn00nX7A==
apple-domain-verification=yq1TS5E47e9NRTI8
google-site-verification=rWp2Bo6uvHOnUUb1HMbReY2GnSuW6yjbg4e4pi1RuZw
cisco-ci-domain-verification=41a0035221d92c889bf0524ebd6c6d30f7aa80a75b14aa47da1116056b7c28c2
y55p7qj979yjnydrrh3b15dbpnwjsv77
jamf-site-verification=49gR5_spKpwuSVXhIA98SQ

Email authentication strong

SPF

v=spf1 mx a ip4:204.155.1.250 ip4:204.155.11.133 include:spf.protection.outlook.com include:_spf.google.com -all

strict (-all)

DMARC

v=DMARC1;p=quarantine; pct=100;;rua=mailto:svc-dmarc-report@tcoe.org, mailto:dmarc_agg@vali.email

policy: quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZD5IE9yemwvcF9SeKl8RYmkPX7msSphWgl0dvObteob5TWR091ue1H4MnI/hfZa5cAkOrQsppRmHe…
selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6l/mG9Z08ANETl7dJrZYp5ju6lSjf46NOTv8pF9h5QDczf1pRj2+V4gbRc/kQVlpOT1Ppl3JEqbWE7buGMW…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMVf8P4zxkuhzvLTzWy3Mjd7IfB6WpHLtSXTT92lud5j7RRXOwgmAPeeWnDtVbcvqQ6cjET1KGOq3DEcZ4F0giKe…

selectors probed

Certificate (current)

DigiCert Global G2 TLS RSA SHA256 2020 CA1

from 2026-01-21 to 2027-02-22

Expires in 279 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://tcoe.org/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: no-referrer-when-downgrade
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'self' https://cdn.insight.sitefinity.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sp
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin

Links to (5)

Linked from (1)

1852visalia.com×1