What the catalog doesn&#x27;t tell you.

D-020 was relabeled from “Southern United States, 2020” to “Iraq, 2023”

Mission report D-020 is catalogued as Iraq 2023 — but the PDF's own embedded title still says Southern United States, 2020. Both files are byte-identical.

Why this one matters

Different country. Different year. The original-titled file is still served at a predictable URL. This is the single highest-impact discrepancy in the release.

Public catalog (uap-data.csv)

DOW-UAP-D020, Mission Report, Iraq, 2023 · incident 3/31/23 · Iraq

PDF /Title metadata

DOW-UAP-D20, Mission Report, Southern United States, 2020

Read the full finding →

Substantive discrepancies

Facts about the released data — not speculation. Each is verifiable from a file in the mirror.

Cable 2 catalogued as Kazakhstan; PDF says Dushanbe, Tajikistan

State Department UAP Cable 002 is listed under Kazakhstan in the public catalog, but the PDF's embedded title points to Dushanbe — capital of Tajikistan.

PR-073: the one video that wasn’t scrubbed

Of all 85 declassified UAP videos, exactly one leaks city-level location, names a credited individual, uses a non-AARO unit code, and preserves the raw DIA report ID. The other 84 are scrubbed of all four.

“Spherical UAP over AFG” — country field says United States

PR-055 (“Spherical UAP over AFG in and out of clouds, 23 Nov 2020”) has its DVIDS country field set to United States, not Afghanistan.

The D → PR crosswalk

Several internal D-series Mission Reports were re-released as public PR-series Unresolved UAP Reports. The PDFs still carry their original D-series titles.

PDF titles contain raw NARA shelfmarks

Some PDFs' embedded titles aren't UAP descriptions — they're the literal NARA shelfmarks. That tells you which archive box each document came from.

Catalog: “Techincal” · PDF: “Technical”

The catalog row for NASA-UAP-D007 misspells “Technical”. The PDF's own /Title field has it right.

Server-hygiene leftovers

Files and assets still publicly served but no longer referenced by the live page. The pattern itself is the finding.

Orphan PDFs still served at predictable URLs

Four PDFs are present on the public server but no longer referenced by the live manifest. Earlier versions remain quietly accessible.

Old stylesheets and an earlier-schema manifest still served

Older stylesheets and the prior-schema CSV manifest are still publicly served, but no longer referenced by the live page.

17 orphaned slideshow images from the v1 carousel

The live page's carousel only loads from `Slideshow-2/`. All 17 images in the original `Slideshow/` folder are orphaned but still served.

Two literal “Place Holder” links shipped live in the war.gov homepage footer

Two `<a href="#">Place Holder</a>` links sit in the rendered war.gov homepage footer. Devs forgot to fill in two nav slots and the placeholder text shipped to production.

rel=“noopeneer noreferrer” — typo appears 14× on the war.gov homepage

Every external link on the war.gov homepage uses `rel="noopeneer noreferrer"`. The correct attribute is `noopener`. The typo got copy-pasted into the template and shows up 14 times.

The Department of Defense → Department of War rename is half-finished in markup

Despite the public rebrand to “Department of War,” the war.gov homepage HTML still contains 13 “DOD” references, hosts every image from `media.defense.gov`, and lists both `DoW` and `DOW` capitalizations in its meta keywords.

Old Google + Bing site-verification tokens still in the `<head>`

The war.gov homepage carries two `google-site-verification` meta tags and two `msvalidate.01` (Bing) tags. In each pair, one token is presumably stale; nobody removed the old ones during whatever migration left them behind.

Tradecraft & curios

Producer fingerprints, country distributions, and HTML curios — colour and context for the release.

PDF creator fingerprints — the scanning toolchain

PDF `/Creator` and `/Producer` fields expose the full scanning and redaction toolchain used to assemble the release.

22 of 85 videos expose a specific country in DVIDS metadata

The public catalog mostly says “Middle East” or “Undisclosed Location.” The per-video DVIDS JSON exposes specific countries on 22 of the 85 videos.

Curios in the live HTML

Small leftovers in the live page's HTML — dev console logs, hidden links, internal-host meta tags, the Pentagon's coordinates, a typo'd `noopeneer`.

Two different 404 pages — one reveals which paths Akamai blocks at the edge

Most 404s on war.gov return a 98 KB DotNetNuke-styled error page with the full site chrome. But `/Admin/`, `/Install/`, `/Login.aspx`, and `/Login` return the 1245-byte raw Microsoft IIS 7 stock 404 — gray header, Verdana, “Server Error”. That tells you the path is intercepted at Akamai / the edge before the DNN app ever sees the request.

robots.txt names the entire DotNetNuke internal file tree

war.gov's robots.txt lists every internal DotNetNuke path — `/App_Code/`, `/App_GlobalResources/`, `/Controls/`, `/Utility/`, `/Components/`, `/Providers/`, `/Documentation/`, `/Install/`, `/Admin/`, `/bin/`, plus extensions `*.axd`, `*.exe`, `*.bin`, `*.dll`, `*.ssi`.

Spotlights nav includes “Operation Epic Fury”

Alongside “Memorial Day” and “Freedom 250”, the war.gov homepage Spotlights nav surfaces “Operation Epic Fury” — the public codename for the Feb 28, 2026 strikes against the Iranian regime’s security apparatus.