indexo.dev

thorograph.com

.com crawl

First seen 2026-04-13 · Last seen 2026-05-06 · ok HTTP/1.1 200 1621 ms crawled 2026-05-06

US · 67.227.154.4 · AS32244 Liquid Web, L.L.C

Reputation 100/100

Classifying

HTML metadata

Title
Thoro-Graph - Everything You Need to Win
Description
Everything You Need to Win. Thoro-Graph provides serious horse players and handicappers with performance figures (also known as figures or speed ratings ) on a graph, pattern pedigree profiles, jockey trainer statistics. thoro-graph is also an industry leader in high-tech management services for trainers and owners.

Technology

Server
Apache
Fonts
  • Google Fonts

Third-party hosts loaded (1)

  • fonts.googleapis.com×1

Contact

Email

Registration

Registrar
GoDaddy.com, LLC
Created
1997-01-14
Expires
2035-01-13 3159 days left
Updated
2025-04-28
Name servers
  • ns17.domaincontrol.com
  • ns18.domaincontrol.com

DNS records live

NS
  • ns17.domaincontrol.com
  • ns18.domaincontrol.com
MX
  • 0 vps.thorograph.com

Email authentication strong

SPF
v=spf1 +a +mx +ip4:67.227.154.4 +ip4:67.227.231.31 ~all
softfail (~all)
DMARC
v=DMARC1;p=quarantine;pct=100;rua=mailto:dmarc-reports@thorograph.com;ruf=mailto:dmarc-reports@thorograph.com
policy: quarantine
DKIM
  • default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmD5fLmSBks4Owy16GTgcGlAdIaznytpBgAkO6y4zVy5zRjl64tyVDNKgph5tB7UohqZaBk0ZM7qwqQ…
selectors probed

Certificate (current)

R12
from 2026-03-16 to 2026-06-14
Expires in 24 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.thorograph.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • weak content type protection
  • missing Permissions Policy
Header values
referrer-policy
same-origin, no-referrer
x-frame-options
sameorigin
x-content-type-options
nosniff, nosniff
content-security-policy
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' https://*.authorize.net;
strict-transport-security
max-age=300; includeSubDomains; preload

Linked from (2)