theharp.com

.com crawl

First seen 2026-04-13 · Last seen 2026-05-07 · ok HTTP/1.1 200 796 ms crawled 2026-05-06

US · 151.101.1.75 · AS54113 Fastly, Inc.

Reputation 97/100 dmarc monitor-only

Classifying

HTML metadata

Title: Home | The Harp in Boston & Foxborough, MA
Description: On game day or any day, with you through glory or defeat. Whether you're a Bruins, Celtics, New England Patriots or Revolution fan, we've got the perfect place for you to cheer on your favorite team in Boston at TD Garden or in Patriot Place at Gillette Stadium.
Language: en-US
Canonical: https://www.theharp.com/

Open Graph

url: https://www.theharp.com/
title: Home | The Harp in Boston & Foxborough, MA
site name: The Harp | Food, Drinks, Sports & Entertainment in Boston & Foxborough, MA
description: On game day or any day, with you through glory or defeat. Whether you're a Bruins, Celtics, New England Patriots or Revolution fan, we've got the perfect place for you to cheer on your favorite team in Boston at TD Garden or in Patriot Place at Gillette Stadium.

Technology

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (14)

images.getbento.com×13
theme-assets.getbento.com×4
www.googletagmanager.com×4
app-assets.getbento.com×3
amplify.review-alerts.com×1
assets-cdn-refresh.getbento.com×1
cdnjs.cloudflare.com×1
fonts.googleapis.com×1
fonts.gstatic.com×1
media-cdn.getbento.com×1
widgets.resy.com×1
www.facebook.com×1
www.google.com×1
www.gstatic.com×1

Social

Contact

Phone

Registration

Registrar

GoDaddy.com, LLC

Created

2004-05-13

Updated

2025-05-14

Name servers

ns07.domaincontrol.com
ns08.domaincontrol.com

DNS records live

NS

ns07.domaincontrol.com
ns08.domaincontrol.com

MX

0 theharp-com.mail.protection.outlook.com

TXT

google-site-verification=lfv-cFZH_DLvD2D9dAa7Qn_PaA5Nnd1OEgQfJf80lJs

Email authentication strong

SPF: v=spf1 include:spf.protection.outlook.com -all
strict (-all)
DMARC: v=DMARC1; p=none;
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-04-18 to 2026-07-17

Expires in 59 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.theharp.com/

present

strict-transport-security
content-security-policy
x-frame-options
cross-origin-opener-policy

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
content-security-policy: default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' * https://cdn.us.heap-api.com https://heapanalytics.com https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval'; script-src-elem * https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * https://heapanalytics.com https://viewer.threshold360.com blob: data:; style-src 'self' * https://heapanalytics.com https://viewer.threshold360.com 'unsafe-inline' 'unsafe-eval' blob:; connect-src 'self' * https://c.us.heap-api.com https://heapanalytics.com https://viewer.threshold360.com wss://viewer.threshold360.com blob:; font-src 'self' * https://heapanalytics.com https://viewer.threshold360.com data:; frame-src 'self' * https://viewer.threshold360.com; worker-src * blob:; media-src * blob: data:; frame-ancestors 'self';
strict-transport-security: max-age=2592000; includeSubDomains
cross-origin-opener-policy: same-origin