urbanoutfitters.com
urbanoutfitters.com
HTML metadata
Technology
- Server
- nginx
- CMS
- Gatsby
- Cookie consent
-
- OneTrust
Third-party hosts loaded (5)
- images.ctfassets.net×4
- cdn.cookielaw.org×1
- imageseu.urbndata.com×1
- js.datadome.co×1
- urbanoutfitters24821z.btttag.com×1
Social
Registration
- Registrar
- SafeNames Ltd.
- Created
- 1996-05-01
- Expires
- 2027-05-02 346 days left
- Updated
- 2025-06-01
- Name servers
-
- ns-cloud-d1.googledomains.com
- ns-cloud-d2.googledomains.com
- ns-cloud-d3.googledomains.com
- ns-cloud-d4.googledomains.com
DNS records live
- NS
-
- ns-cloud-d1.googledomains.com
- ns-cloud-d2.googledomains.com
- ns-cloud-d3.googledomains.com
- ns-cloud-d4.googledomains.com
- MX
-
- 1 smtp.google.com
- TXT
-
Show 9 TXT records
/h8iiLkYgttLe2auwpeBF/5Hc1FMAm3ECf4wjDtSftBChVgQWR6GqrSuU5NjDK9GTy4TUOmTAk/yJ58M/X4/1A==datadome-domain-verify=wGGFzaMkgsCLVvt93T0EmSoVI38z92PbvCDbFWxnLZhhN2HzaV+OdOJjMubJuasCYu+yPo5tPQbsM3jJMbqifPrhHEzsEoyHypd3NCcV513v/v1ydxHlWA==klaviyo-site-verification=Ut82XBklaviyo-site-verification=X9MbHz1w527zzwvy8n7bhs58v4z7938jlw625smk-org-sso-0be0fb7a-9ec7-4807-908e-2cc73698f58c_qzw31a7e9l9clxrpafh50npc9st4rlu54v7qy9nkh7wwv4w8z44162z1f6xr0bm
- Verified for
-
- Adobe
- Anthropic
- Atlassian
- Figma
- Meta
- Microsoft 365
- Stripe
- Zoom
Email authentication weak
- SPF
-
v=spf1 ip4:209.11.206.190/32 ip4:198.54.242.56/32 ip4:216.183.124.160/27 ip4:12.178.224.80/28 ip4:64.18.0.0/20 ip4:208.255.148.64/26 ip4:65.242.66.128/26 ip4:164.109.50.45/32 ip4:204.115.126.0/23 ip4:198.135.30.120/32 ip4:23.96.125.248/32 ip4:23.96.126.101/32 ip4:198.135.28.0/22 include:spf.protection.outlook.com include:_spf.google.com -allstrict (-all) - DMARC
- not published
- DKIM
-
- google:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlv4Pundew7S9Cs2NvTIsSJBumuZ0GjGP7R6aPynnkO1wkJKsoQpR4v7oeiAVn8kB56ZIs2EJ9W82Nt… - selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorxZdVWzborP8xna8x4oS8r8XcGqhl0KRVGsSNFTT1OrAX8IhXY+6PgeXkImb8zobGzC7NoRyfAkmv…
selectors probed - google:
Certificate (current)
WR3
Expires in 54 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-content-type-options
- referrer-policy
- cross-origin-opener-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing frame protection
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-content-type-options
nosniff- content-security-policy
default-src 'self' https://*.urbanoutfitters.com; script-src 'self' 'nonce-0P8dKwSY5CQha226L2n5VCoTIeBRZ62Y' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https:; connect-src 'self' https:; img-src 'self' * data: blob:; font-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; media-src 'self' https://*.ctfassets.net https://*.scene7.com https://*.urbndata.com https://*.cloudfront.net https://*.api.bazaarvoice.com https://static.quiq-cdn.com; frame-src 'self' https://*.force.com https://*.pinterest.com https://*.stripe.com https://www.facebook.com https://*.krxd.net https://*.doubleclick.net https://www.google.com https://www.youtube.com https://*.snapchat.com https://*.attn.tv https://player.vimeo.com https://*.qualtrics.com https://*.bounceexchange.com https://*.salesforce.com https://*.8x8.com https://www.googletagmanager.com https://open.spotify.com https://*.myunidays.com https://*.flashtalking.com https://pay.google.com https://*.liadm.com https://*.adsrvr.org https- strict-transport-security
max-age=31536000; includeSubDomains- cross-origin-opener-policy
same-origin-allow-popups- cross-origin-resource-policy
same-site
Links to (3)
- apple.com×4
- google.com×4
- instagram.com×4