tmarks.com
HTML metadata
Technology
Third-party hosts loaded (7)
- cdn.asicentral.com×33
- cdnjs.cloudflare.com×12
- commonmedia.asicentral.com×3
- ajax.googleapis.com×1
- maxcdn.bootstrapcdn.com×1
- tmarks.espwebsite.com×1
- translate.google.com×1
Contact
- Phone
Registration
- Registrar
- Network Solutions, LLC
- Created
- 2002-01-08
- Expires
- 2027-01-08 233 days left
- Updated
- 2021-11-09
- Name servers
-
- ns3.zoneedit.com
- ns9.zoneedit.com
DNS records live
- NS
-
- ns3.zoneedit.com
- ns9.zoneedit.com
- MX
-
- 5 tmarks-com.mail.eo.outlook.com
- TXT
-
_99gk3akx10p3vlzs3z067x7a7000cwgMS=ms79427766
Email authentication partial
- SPF
-
v=spf1 ip4:216.74.235.146 ip4:216.74.235.147 ip4:216.74.235.152 ip4:216.74.235.153 ip4:216.74.235.158 include:spf.protection.outlook.com -allstrict (-all) - DMARC
-
v=DMARC1; p=none; sp=none; fo=0; ri=3600; rua=mailto:tmarks@rua.agari.com,mailto:administrator@tmarks.com; ruf=mailto:tmarks@ruf.agari.com,mailto:administrator@tmarks.compolicy: none (monitoring only) · sp=none - DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 51 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-embedder-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SameOrigin- permissions-policy
fullscreen=(),accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=(),xr-spatial-tracking=()- x-content-type-options
nosniff- content-security-policy
frame-ancestors 'self' *.espwebsite.com; frame-src 'self' https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; style-src 'self' 'unsafe-inline' https: ; object-src 'self'; child-src 'self' https: ; font-src 'self' data: https: ; base-uri 'self' https: ; default-src 'self' https: ; form-action 'self' https: ; img-src 'self' data: https: ; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' https: wss: ; manifest-src 'self'; worker-src blob:- strict-transport-security
max-age=31536000; includeSubDomains- cross-origin-opener-policy
same-origin- cross-origin-embedder-policy
unsafe-none- cross-origin-resource-policy
same-site