xoom.com

HTML metadata

Title

Xoom, a PayPal Service | Send Money Online

Description

Transfer money online securely and easily with Xoom and save on money transfer fees. Wire money to a bank account in minutes or pick up cash at thousands of locations.

Language

en

Canonical

https://www.xoom.com/money-transfer

Translations

de-de
en-us
es-es
es-mx
fr-fr
hu-hu
it-it
ko-kr
nl-nl
pl-pl
pt-br
pt-pt
ro-ro
ru-ru
vi-vn
zh-cn

Technology

CMS: Next.js

Third-party hosts loaded (2)

www.paypalobjects.com×65
images.ctfassets.net×14

Contact

Phone

93 111 195 389

Registration

Registrar

MarkMonitor Inc.

Created

1996-12-03

Expires

2026-12-02 196 days left

Updated

2026-02-12

Name servers

ns1-pchnet.paypal.com
ns2-pchnet.paypal.com
pdns100.ultradns.com
pdns100.ultradns.net

DNS records live

NS

ns1-pchnet.paypal.com
ns2-pchnet.paypal.com
pdns100.ultradns.com
pdns100.ultradns.net

MX

10 mx1.paypalcorp.com
10 mx2.paypalcorp.com

TXT

Show 4 TXT records

MS=ms89760834
facebook-domain-verification=unj4rsz4wuvdg10v8z26d8xe4ww85c
google-site-verification=HWwzgfow6dPQU2RiSosmQZNSJ8S1xqdch1yMxD-2wsA
atlassian-domain-verification=Q8BdHlO6NYSN5njfC2rlbPQxksVfADlcxarxq4fesYJErtGKylvfcfyfwrPD/wnv

Email authentication strong

SPF

v=spf1 ip4:8.26.33.0/24 ip4:205.189.102.0/23 ip4:198.199.247.0/24 ip4:192.254.121.104/29 ip4:65.52.232.173/32 ip4:157.55.209.64/32 ip4:62.13.150.47/32 ip4:198.21.2.183 ip4:74.112.67.243 include:pp._spf.paypal.com include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; fo=1; rf=afrf; rua=mailto:d8f02ed7@mxtoolbox.dmarc-report.com,mailto:xoom@rua.agari.com; ruf=mailto:d8f02ed7@forensics.dmarc-report.com,mailto:dk@bounce.paypal.com,mailto:xoom@ruf.agari.com

policy: reject (enforced)

DKIM

default: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRNdXOdVe3SiCx/JwkyHhxKVCV73U7B9sDHOWQkDp5BtXMQfO4ctPwbJ3wDevTUDfseKt1oZjV+Z0f4UOVyU…
selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxMb9dZfe1fB1mQMwtfN97ReEvX4IGt7CjK639nDrxSCAgReeLlCHwYhEESDwTItYfteHs/UpfS/dHW13RkE…

selectors probed

Certificate (current)

DigiCert Global G2 TLS RSA SHA256 2020 CA1

from 2025-07-08 to 2026-07-08

Expires in 49 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.xoom.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
cross-origin-opener-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: style-src https://www.paypal.com/ https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://*.ctfassets.net/ 'unsafe-inline' 'self' https://*.s-xoom.com/ https://google.com/; base-uri 'self'; script-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ 'nonce-093f85c102034bc7cb6b50922c549fca' 'self' https://*.googleadservices.com/ https://*.gstatic.com/ https://*.s-xoom.com/ https://*.segment.com/ https://www.googletagmanager.com/ https://*.online-metrix.net/ https://connect.facebook.net/ https://*.google-analytics.com/ https://*.cardinalcommerce.com/ https://*.mxpnl.com/ https://*.google.com/ https://bat.bing.com/ https://*.ctfassets.net/ https://iesnare.com/ https://*.braintreegateway.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.paypal.com/ 'unsafe-eval' https://www.recaptcha.net/ https://*.yodlee.com/ https://cdn.amplitude.com/ https://js-agent.newrelic.com/ https://bam-cell.nr-data.net/ https://www.datadoghq-browser-agent.com/ https://widg
strict-transport-security: max-age=15768000; includeSubDomains
cross-origin-opener-policy: same-origin

Links to (2)

kochava.com×4
paypal.com×4