indexo.dev

ufcu.org

.org crawl

First seen 2026-04-14 · Last seen 2026-05-17 · ok HTTP/1.1 200 1442 ms crawled 2026-05-08

US · 104.16.4.14 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Personal Banking | UFCU
Description
UFCU is Austin’s largest locally owned credit union, offering trusted financial services and support to communities across Texas.
Language
en
Canonical
https://ufcu.org

Open Graph

title
Personal Banking
description
UFCU is Austin’s largest locally owned credit union, offering trusted financial services and support to communities across Texas.

Technology

CDN
Cloudflare
Analytics
  • Google Tag Manager
Fonts
  • Google Fonts

Third-party hosts loaded (5)

  • fonts.googleapis.com×2
  • dev.visualwebsiteoptimizer.com×1
  • fonts.gstatic.com×1
  • resources.digital-cloud-west.medallia.com×1
  • www.googletagmanager.com×1

Social

Contact

Phone
Address
78766-9350, Austin, Texas, US

Registration

Registrar
DomainSpot LLC
Created
1994-09-20
Expires
2026-09-19 121 days left
Updated
2025-09-10
Name servers
  • ns3-09.azure-dns.org
  • ns1-09.azure-dns.com
  • ns2-09.azure-dns.net
  • ns4-09.azure-dns.info

DNS records live

NS
  • ns1-09.azure-dns.com
  • ns2-09.azure-dns.net
  • ns3-09.azure-dns.org
  • ns4-09.azure-dns.info
MX
  • 10 ufcu-org.mail.protection.outlook.com
TXT
Show 4 TXT records
  • amazonses:lVooPwliLbqjGnjcrhEBI2KI5lISjWb+1pnBjdXAM98=
  • mrcFvYqhc200OHcYBxFRvB9kReo6J346q0SLNqBersLF9bLYoB6cqumyzy1ckUWfIl70073VTVSsnK5s9YeS8Q==
  • amazonses:wz2GWV1Q7ie+XjAE6n/aYgPE2IqbsB4/giVwniapX9s=
  • heyhack-verification=0198e197-b5eb-73ec-98e8-2e8073f8c3fc
Verified for
  • 1Password
  • Apple
  • DocuSign
  • Dynamics 365
  • Google
  • Microsoft 365
  • Zoom

Email authentication partial

SPF
v=spf1 include:spf.protection.outlook.com include:amazonses.com include:sendgrid.net include:_spf.ultipro.com include:vertifi.com ip4:144.86.200.0/22 ip4:147.160.167.0/26 ip4:23.21.109.197 ip4:23.21.109.212 ip4:35.80.141.6 ip4:44.229.121.55 ip4:148.59.100.16/28 ~all
softfail (~all)
DMARC
v=DMARC1; p=none; pct=100; rua=mailto:dmarc_agg@vali.email
policy: none (monitoring only)
DKIM
Show 4 DKIM selectors
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzgD7yVOHsOdaon5TXqUOPsbMDGDbM1R5Obq0BvpU09iAyoPJnHLlEjFq1BYftFx64Tnw13rC8EkXockU43t…
  • selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxroVK7nHhI3sq4isCJCf3xGc6d6JKytdxdeqZOGg68rvzCQoTimNf1hXnQIqkmK881e/dN7/xj/8B2cdaBZ…
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA62oFiYfoz94tQyqRjNQVzN1pKyhPQU6ZVZR7J/MLQw8laeysGbdPv5MYGOSn7yOwbHLtdt0ssRQn6KDtNY…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvNT7Cm/8tb5pdOoJDieidqh6UAAZBnhTTqyP4j2HBeDk4k+B8/4R5Wr5b3EvVY1WnLTG7zTj9Qn9fKyTPt1UGxh…
selectors probed

Certificate (current)

WE1
from 2026-03-22 to 2026-06-20
Expires in 31 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://ufcu.org/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.youtube.com https://www.googletagmanager.com https://*.facebook.net https://*.visualwebsiteoptimizer.com https://*.digital-cloud-west.medallia.com https://*.hotjar.com/ https://*.amazon-adsystem.com/ https://*.web-2-tel.com https://*.clarity.ms/ https://*.mathtag.com/ https://googleads.g.doubleclick.net https://js.monitor.azure.com https://maps.googleapis.com https://*.flashtalking.com https://*.talkdeskapp.com https://*.callrail.com https://*.rezync.com https://*.rfihub.com https://*.rfihub.net https://*.boomtrain.com https://*.liadm.com https://*.adnxs.com https://analytics.ahrefs.com/ https://public-usa.mkt.dynamics.com/ https://assets-usa.mkt.dynamics.com/ https://js.adsrvr.org https://cxppusa1rdrect01sa02cdn-endpoint.azureedge.net/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://mktdplp102cdn.azureedge.net/ https://eus.personalizationapi.pipe.int.trafficmanager.net/ https://ftlaunchpad.ai/ https://bu
strict-transport-security
max-age=31536000; preload

Links to (10)

Linked from (3)