Old Google + Bing site-verification tokens still in the `<head>`
The war.gov homepage carries two `google-site-verification` meta tags and two `msvalidate.01` (Bing) tags. In each pair, one token is presumably stale; nobody removed the old ones during whatever migration left them behind.
Harmless on its own, but reveals at least one prior site ownership-handoff or platform migration. Whoever held the stale tokens once had verified ownership in Google Search Console / Bing Webmaster Tools.
Evidence
From the homepage <head>:
html
<meta name="google-site-verification" content="lcQS9MV5xMisePG-IKaE9ZNfyaMJ9qVLemvuOy3PRFQ" />
<meta name="msvalidate.01" content="235F405786FAB553A2A8EF5FD13514A7" />
<meta name="msvalidate.01" content="4BAA65E882EAE4403F4FAB3443D34664" />
<meta name="google-site-verification" content="nfNn_S6Ki0r3N9JWs7xQ6wLvXG7aNfgm5yKHnZMobhU" />
Notice the interleaved order (Google, Bing, Bing, Google) — likely two different teams added their own verification tokens at different times. Bing is duplicated within consecutive lines; Google’s two are on the outside. Both Google and Bing accept either token, so the site stays verified for both teams.