unocha.org

HTML metadata

Title: OCHA
Description: United Nations Office for the Coordination of Humanitarian Affairs
Language: en
Generator: Drupal 11 (https://www.drupal.org)
Canonical: https://www.unocha.org/

Open Graph

title: OCHA
description: United Nations Office for the Coordination of Humanitarian Affairs

Technology

CMS: Drupal

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (3)

fonts.googleapis.com×2
fonts.gstatic.com×1
www.googletagmanager.com×1

Social

Registration

Registrar

Amazon Registrar, Inc.

Created

2000-01-25

Expires

2032-01-25 2076 days left

Updated

2026-05-06

Name servers

ns3-03.azure-dns.org
ns1-03.azure-dns.com
ns2-03.azure-dns.net
ns4-03.azure-dns.info

DNS records live

NS

ns1-03.azure-dns.com
ns2-03.azure-dns.net
ns3-03.azure-dns.org
ns4-03.azure-dns.info

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

Show 7 TXT records

google-site-verification=urHB_w8V4RMt5ru5zC7qk-5aOuB9JsaYywSYbO4iZII
ibnvd4q6skkf1k9oguiueh0vo
google-site-verification=khPdrY4udtTSeGaLSTEqPcZCqZWnq0j1QNA3IUUZMJY
proxy-ssl.webflow.com
pvcscamj04ead6vembfpkqd0po
7ba6c7ry_s6BD3_eVjXQHQAsd61-QuSR6Mh_3gcBWMQ
google-site-verification=7ba6c7ry_s6BD3_eVjXQHQAsd61-QuSR6Mh_3gcBWMQ

Email authentication strong

SPF

v=spf1 include:_spf.google.com include:_spf.reliefweb.int include:_spf.salesforce.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:dmarc@reliefweb.int; ruf=mailto:dmarc@reliefweb.int; fo=0:1:d:s; adkim=r; aspf=r

policy: quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjp7Ze3zSsPHMzI/kfeBxJ6vRTV/2755HTjKF9iWKrPR4374s4HZg+Jw58Ez8Z8LxHj7c7u+J2OmMUK…

selectors probed

Certificate (current)

Amazon RSA 2048 M01

from 2025-11-25 to 2026-12-24

Expires in 218 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.unocha.org/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com www.gstatic.com https://*.google.com https://*.googletagmanager.com *.google-analytics.com https://tagmanager.google.com https://cdn.popupsmart.com https://cdnjs.cloudflare.com https://cbpfgms.github.io https://connect.facebook.net https://partner.googleadservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.clarity.ms https://c.bing.com https://pol.is/embed.js; object-src 'none'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com fonts.googleapis.com https://www.google.com https://cdnjs.cloudflare.com https://cbpfgms.github.io https://cdn.popupsmart.com https://use.fontawesome.com https://*.clarity.ms https://c.bing.com; img-src 'self' data: https://*; media-src 'self' data: https://mvsfservicefabricusva.blob.core.windows.net; frame-src 'self' https://*.googletagmanager.com https://bid.g.doubleclick.net https://td.dou
strict-transport-security: max-age=31536000; includeSubDomains